CVE-2025-67502: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in remram44 taguette
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.
AI Analysis
Technical Summary
CVE-2025-67502 is a vulnerability classified under CWE-601 (URL Redirection to Untrusted Site, or 'Open Redirect') affecting the open-source qualitative research tool Taguette, specifically versions 1.5.1 and earlier. The flaw arises from the application's handling of the 'next' parameter, which is user-controlled and directly used in HTTP redirects without any validation or sanitization. This allows an attacker to craft URLs that, after a user authenticates, redirect them to arbitrary external websites controlled by the attacker. Such behavior can be exploited in phishing campaigns where users believe they are interacting with a legitimate Taguette instance but are instead redirected to malicious sites designed to steal credentials or deliver malware payloads. The vulnerability does not require any privileges or authentication to exploit but does require user interaction (clicking the malicious link). The CVSS v3.1 base score is 5.4, reflecting a medium severity level, with the vector indicating network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and low impact on confidentiality and integrity, with no impact on availability. The issue was publicly disclosed on December 9, 2025, and is fixed in Taguette version 1.5.2. No known exploits are reported in the wild as of now.
Potential Impact
For European organizations using Taguette versions prior to 1.5.2, this vulnerability poses a risk primarily through phishing attacks that leverage the open redirect to redirect authenticated users to malicious external sites. This can lead to credential compromise, unauthorized access, and potential malware infections, impacting confidentiality and integrity of sensitive research data. Given Taguette's use in qualitative research, data confidentiality is critical, and phishing-induced breaches could undermine research integrity and privacy compliance obligations under GDPR. The medium severity score reflects moderate risk, but the ease of exploitation via crafted URLs and the potential for social engineering elevate the threat. Organizations relying on Taguette for collaborative research may face reputational damage and operational disruption if attackers exploit this vulnerability to compromise user accounts or distribute malware within their networks.
Mitigation Recommendations
European organizations should immediately upgrade Taguette installations to version 1.5.2 or later, where the vulnerability is fixed. In addition, implement strict validation and sanitization of URL parameters, especially those controlling redirects, to ensure only trusted internal URLs are allowed. Employ web application firewalls (WAFs) with rules to detect and block suspicious redirect patterns. Educate users about phishing risks, emphasizing caution when clicking on links, even from trusted sources. Monitor logs for unusual redirect activities and anomalous authentication flows. Consider implementing multi-factor authentication (MFA) to reduce the impact of credential theft. For organizations hosting Taguette instances, enforce Content Security Policy (CSP) headers to limit the impact of malicious redirects. Finally, conduct regular security assessments and penetration tests focusing on URL handling and redirect logic.
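The technical summary above describes the defect (a user-controlled next parameter passed straight into a redirect), and the mitigation section asks for validation that admits only trusted internal URLs plus log monitoring for unusual redirect activity. The following Python is an added example written for this page; it is not Taguette's own code and makes no assumption about how Taguette handles the parameter. Function names (is_safe_redirect, resolve_next, resolve_next_vulnerable, find_unsafe_next) and the access-log lines are constructed for illustration. It goes slightly beyond the specific case in the text by also covering the edge cases a path-only check has to handle: protocol-relative targets, backslashes (which browsers treat as slashes in the authority), extra leading slashes, embedded whitespace, and non-http schemes. The same validator is then run over sample log lines to flag requests whose next value would have left the site on an unpatched instance.

```python
"""Open-redirect hardening for a login 'next' parameter, plus a log sweep that
flags requests carrying an unsafe value.  Added example with hypothetical
function names; not Taguette's code."""
import re
from urllib.parse import parse_qs, urlsplit


def is_safe_redirect(target):
    """Return True only for a same-site, path-only redirect target."""
    if not isinstance(target, str) or not target:
        return False
    # Reject control characters and whitespace: browsers strip some of them
    # before parsing, which could turn a value that looks path-only into an
    # absolute URL after it passed the check.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat backslashes as slashes in the authority part, so
    # "/\host" is resolved like "//host"; normalize before inspecting.
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        return False  # absolute URL or protocol-relative "//host"
    # urlsplit parses "///host" as a bare path, but browsers collapse the
    # extra slashes and treat "host" as the authority, so reject any value
    # that starts with two slashes regardless of what urlsplit returned.
    return normalized.startswith("/") and not normalized.startswith("//")


def resolve_next_vulnerable(raw_next, default="/"):
    """The pattern CWE-601 describes: the parameter is used as-is."""
    return raw_next or default


def resolve_next(raw_next, default="/"):
    """Hardened form: fall back to a fixed in-app path when 'next' is unsafe."""
    return raw_next if is_safe_redirect(raw_next) else default


# Request line from a common-log-format access log entry.
LOG_LINE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def find_unsafe_next(log_lines):
    """Return (line_number, next_value) pairs for requests whose 'next'
    parameter would redirect off-site.  parse_qs percent-decodes values, so
    encoded forms such as %2F%2F are inspected in their decoded shape."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = LOG_LINE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        for value in parse_qs(query).get("next", []):
            if not is_safe_redirect(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (not real traffic); attacker.invalid is a
# reserved name that never resolves.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Dec/2025:10:00:01 +0000] "GET /login?next=/project/3 HTTP/1.1" 200 512',
    '10.0.0.9 - - [09/Dec/2025:10:00:07 +0000] "GET /login?next=https%3A%2F%2Fattacker.invalid%2Flogin HTTP/1.1" 200 512',
    '10.0.0.9 - - [09/Dec/2025:10:00:09 +0000] "GET /login?next=%2F%2Fattacker.invalid HTTP/1.1" 200 512',
    '10.0.0.2 - - [09/Dec/2025:10:00:12 +0000] "POST /login HTTP/1.1" 302 0',
]


if __name__ == "__main__":
    for lineno, value in find_unsafe_next(SAMPLE_LOG):
        print(f"line {lineno}: unsafe next={value!r} -> would redirect to {resolve_next(value)!r}")
```

The validator deliberately accepts only absolute paths within the application (a single leading slash) rather than trying to allow-list external hosts; if a deployment genuinely needs to redirect to other hosts, compare the parsed host against an explicit allow-list instead of loosening the path check. The log sweep is meant for a one-off review of access logs from an instance that ran a version before 1.5.2; it reports the decoded next value so the reviewer can see exactly what the browser would have been sent to.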
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-08T21:19:11.206Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6938b8747205ca471f053ae6
Added to database: 12/10/2025, 12:01:56 AM
Last enriched: 12/17/2025, 12:26:59 AM
Last updated: 2/5/2026, 2:11:37 PM
Views: 110