CVE-2025-63784

07.11.2025, 17:15

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing a redirect URL. A remote attacker can send a manipulated X-Forwarded-Host header to redirect an authenticated user to an arbitrary external website under their control, which can be exploited for phishing attacks.

Open Redirect

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Vendor	Product	Version
onlook	onlook	0.2.32

𝑥

= Vulnerable software versions

Known Exploits!

https://blog.soohyun.tech/CVE-2025-63784-Open-Redirect-in-Onlook-27e557175d2e80ac8641fab59dc36021

Common Weakness Enumeration

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://blog.soohyun.tech/CVE-2025-63784-Open-Redirect-in-Onlook-27e557175d2e80ac8641fab59dc36021

https://tossbank.notion.site/Open-Redirect-in-onlook-27e557175d2e80ac8641fab59dc36021