CVE-2025-65954: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in simplesamlphp simplesamlphp-module-casserver
CVE-2025-65954 is an open redirect vulnerability in the simplesamlphp-module-casserver affecting versions prior to 6. 3. 1 and certain pre-release 7. 0. 0 versions. The logout endpoint improperly trusts a URL query parameter and redirects users to it or presents a logout page linking to it, depending on configuration. This can occur when 'enable_logout' and 'skip_logout_page' are both set to true. The vulnerability has been fixed in versions 6. 3. 1 and 7.
AI Analysis
Technical Summary
The simplesamlphp-module-casserver, a CAS-compliant server module, contains an open redirect vulnerability (CWE-601) in its logout endpoint. Versions below 6.3.1 and certain 7.0.0 pre-release versions accept a URL parameter for redirection after logout without proper validation, treating the URL as trusted. This can lead to users being redirected to untrusted external sites if the configuration enables logout and skips the logout page. The issue is resolved in versions 6.3.1 and 7.0.0.
Potential Impact
An attacker can exploit this vulnerability to redirect users to arbitrary, potentially malicious external websites after logout, which may facilitate phishing or social engineering attacks. There is no direct impact on confidentiality or availability, but the integrity of user navigation flow is compromised. The CVSS base score of 4.7 reflects a medium severity with no confidentiality or availability impact but some integrity impact.
Mitigation Recommendations
Upgrade affected installations of simplesamlphp-module-casserver to version 6.3.1 or later, or to version 7.0.0 or later where the issue is fixed. Since this is a module vulnerability and not a cloud service, manual patching by updating the software is required. There is no vendor advisory explicitly stating otherwise, so applying the official fixed versions is the recommended remediation.
CVE-2025-65954: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in simplesamlphp simplesamlphp-module-casserver
Description
CVE-2025-65954 is an open redirect vulnerability in the simplesamlphp-module-casserver affecting versions prior to 6. 3. 1 and certain pre-release 7. 0. 0 versions. The logout endpoint improperly trusts a URL query parameter and redirects users to it or presents a logout page linking to it, depending on configuration. This can occur when 'enable_logout' and 'skip_logout_page' are both set to true. The vulnerability has been fixed in versions 6. 3. 1 and 7.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The simplesamlphp-module-casserver, a CAS-compliant server module, contains an open redirect vulnerability (CWE-601) in its logout endpoint. Versions below 6.3.1 and certain 7.0.0 pre-release versions accept a URL parameter for redirection after logout without proper validation, treating the URL as trusted. This can lead to users being redirected to untrusted external sites if the configuration enables logout and skips the logout page. The issue is resolved in versions 6.3.1 and 7.0.0.
Potential Impact
An attacker can exploit this vulnerability to redirect users to arbitrary, potentially malicious external websites after logout, which may facilitate phishing or social engineering attacks. There is no direct impact on confidentiality or availability, but the integrity of user navigation flow is compromised. The CVSS base score of 4.7 reflects a medium severity with no confidentiality or availability impact but some integrity impact.
Mitigation Recommendations
Upgrade affected installations of simplesamlphp-module-casserver to version 6.3.1 or later, or to version 7.0.0 or later where the issue is fixed. Since this is a module vulnerability and not a cloud service, manual patching by updating the software is required. There is no vendor advisory explicitly stating otherwise, so applying the official fixed versions is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-11-18T16:14:56.693Z
- Cvss Version
- 3.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0b7bdbec166c07b0f9e88c
Added to database: 5/18/2026, 8:51:39 PM
Last enriched: 5/18/2026, 9:06:55 PM
Last updated: 5/18/2026, 11:25:16 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.