CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-63784

An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing a redirect URL. A remote attacker can send a manipulated X-Forwarded-Host header to redirect an authenticated user to an arbitrary external website under their control, which can be exploited for phishing attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.4%

CVSS Severity

CVSS v3 Score 6.5

References

https://blog.soohyun.tech/CVE-2025-63784-Open-Redirect-in-Onlook-27e557175d2e80ac8641fab59dc36021
https://tossbank.notion.site/Open-Redirect-in-onlook-27e557175d2e80ac8641fab59dc36021

Products affected by CVE-2025-63784

Onlook » Onlook » Version: 0.2.32

cpe:2.3:a:onlook:onlook:0.2.32

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-63784

Products

Pricing

Contact Us