
CVE-2025-7953: Open Redirect in Sanluan PublicCMS

Severity: Medium
Published: Tue Jul 22 2025 (07/22/2025, 03:32:05 UTC)
Source: CVE Database V5
Vendor/Project: Sanluan
Product: PublicCMS

Description

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.

AI-Powered Analysis

Last updated: 07/22/2025, 04:01:14 UTC

Technical Analysis

CVE-2025-7953 is an open redirect vulnerability identified in Sanluan PublicCMS versions up to 5.202506.a. The vulnerability arises from improper handling of the 'File' argument in the file located at publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. An attacker can manipulate this argument to craft a URL that redirects users to arbitrary external websites. As an open redirect, it can be exploited remotely without requiring authentication. The vulnerability has been publicly disclosed, and a patch (commit f1af17af004ca9345c6fe4d5936d87d008d26e75) is available to remediate the issue. The CVSS v4.0 base score is 5.1, indicating a medium severity level. The vector details show that the attack vector is network-based (AV:N), the attack complexity is low (AC:L), no privileges are needed (PR:L), but user interaction is required (UI:P). The impact on confidentiality is none (C:N), on integrity is low (I:L), and on availability is none (A:N). The vulnerability therefore does not affect system confidentiality or availability, but it can be leveraged in phishing attacks, session hijacking, or redirecting users to malicious sites, potentially leading to further exploitation or social engineering attacks. No known exploits are currently in the wild, but public disclosure increases the risk of exploitation attempts.

Potential Impact

For European organizations using Sanluan PublicCMS, this vulnerability poses a moderate risk primarily related to user trust and potential phishing campaigns. Attackers could exploit the open redirect to trick users into visiting malicious websites, potentially leading to credential theft, malware infections, or other social engineering attacks. This can damage brand reputation and user confidence, especially for public-facing websites or portals. While the direct impact on system integrity and availability is low, the indirect consequences through user exploitation can be significant. Organizations in sectors with high user interaction such as e-commerce, government portals, and educational platforms may face increased risk. Additionally, regulatory frameworks like GDPR emphasize protecting user data and preventing fraud, so exploitation could lead to compliance issues if user data is compromised through secondary attacks.

Mitigation Recommendations

European organizations should promptly apply the available patch (commit f1af17af004ca9345c6fe4d5936d87d008d26e75) to Sanluan PublicCMS to remediate the open redirect vulnerability. Beyond patching, it is recommended to implement strict input validation and sanitization on URL parameters, particularly the 'File' argument in the affected viewer.html component. Employing Content Security Policy (CSP) headers can help mitigate the impact of malicious redirects by restricting the domains to which users can be redirected. Organizations should also monitor web server logs for unusual redirect patterns and conduct regular security assessments on public-facing CMS instances. User awareness training to recognize phishing attempts leveraging redirects can reduce the risk of successful exploitation. Finally, consider implementing web application firewalls (WAFs) with rules to detect and block suspicious redirect attempts targeting this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-21T09:55:22.387Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687f097da83201eaac17c927

Added to database: 7/22/2025, 3:46:05 AM

Last enriched: 7/22/2025, 4:01:14 AM

Last updated: 8/29/2025, 9:38:55 AM
