This vulnerability in Casdoor 2.356.0 involves the OAuth Authorization Request Handler improperly validating the redirect_uri parameter, resulting in an open redirect condition. An attacker can manipulate this parameter to redirect users to malicious sites, potentially facilitating phishing or other social engineering attacks. The vulnerability is remotely exploitable without authentication and requires user interaction. No official patch or remediation guidance has been provided by the vendor as of the publication date.

Successful exploitation allows attackers to redirect users to arbitrary external URLs, which can be used for phishing or to trick users into interacting with malicious sites. There is no indication of direct compromise of the Casdoor system or data leakage from this vulnerability alone. The impact is primarily on user trust and potential downstream attacks leveraging the open redirect.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or released a fix, users should consider implementing temporary mitigations such as validating redirect_uri parameters on their own or restricting allowed redirect destinations within their deployment. Monitoring for suspicious redirect usage may also help detect exploitation attempts.