Abstraction: Base · Status: Draft

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Category: other

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Common consequences · 2

  • Access Control — Bypass Protection Mechanism, Gain Privileges or Assume Identity
    The user may be redirected to an untrusted page that contains malware which may then compromise the user's system. In some cases, an open redirect can also enable the immediate download of a file without the user's permission, because the redirection to an external site may lead to endpoints on those sites that automatically trigger a download action ("drive-by download" [REF-1478]). This will expose the user to extensive risk. The user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.
  • Access Control / Confidentiality / Other — Bypass Protection Mechanism, Gain Privileges or Assume Identity, Other
    By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam. The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and then use these credentials to access the legitimate web site. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

Potential mitigations · 5

  • [Implementation]
  • [Architecture and Design] Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
  • [Architecture and Design]
  • [Architecture and Design] Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).
  • [Architecture and Design, Implementation]
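The following is an added worked example, not text or code from the CWE entry or from MITRE. It shows the weakness described above beside two defensive forms: a validator that only honours same-site paths or https URLs on a host allowlist (the allowlist `ALLOWED_HOSTS` and the `safe_redirect_target` function are constructed for this example), and a hypothetical `RedirectRegistry` implementing the nonce mitigation from the list above, where the application registers targets it chose itself and the client carries only an unpredictable, single-use nonce.

```python
import secrets
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist for this example: hosts the application is willing to
# send users to. A real deployment would load this from configuration.
ALLOWED_HOSTS = {"app.example.com", "sso.example.com"}

DEFAULT_TARGET = "/"


def unsafe_redirect_target(next_param: str) -> str:
    """The CWE-601 pattern: the user-supplied ?next= value is used verbatim.

    Shown only as the 'before' form; anything, including an attacker's site,
    becomes the Location header.
    """
    return next_param


def safe_redirect_target(next_param: str, default: str = DEFAULT_TARGET) -> str:
    """Return a redirect target that is either a same-site path or an https URL
    whose host is on the allowlist; anything else falls back to `default`."""
    if not next_param:
        return default
    parts = urlsplit(next_param)

    if parts.scheme == "" and parts.netloc == "":
        # Relative reference. Browsers treat "//host" and "/\host" as
        # scheme-relative (i.e. off-site), so only a single leading "/" is
        # accepted. urlsplit has already placed "//host" into netloc, so this
        # branch guards the backslash variant and bare "?x" / "#x" inputs.
        path = parts.path
        if not path.startswith("/") or path.startswith("//") or path.startswith("/\\"):
            return default
        return urlunsplit(parts)

    # Absolute reference: require https and an allowlisted hostname.
    # parts.hostname is lower-cased and excludes userinfo and port, which
    # defeats "https://app.example.com@evil.example/" and case tricks.
    if parts.scheme != "https":
        return default
    if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
        return default
    return urlunsplit(parts)


class RedirectRegistry:
    """Hypothetical server-side store implementing the nonce mitigation.

    The application registers targets it chose itself and hands the client only
    an unpredictable, single-use nonce; the redirect handler resolves the nonce
    and never reads a URL from the request.
    """

    def __init__(self) -> None:
        self._targets = {}

    def register(self, target: str) -> str:
        # 32 random bytes from the OS CSPRNG: not guessable (avoids CWE-330).
        nonce = secrets.token_urlsafe(32)
        self._targets[nonce] = target
        return nonce

    def resolve(self, nonce: str, default: str = DEFAULT_TARGET) -> str:
        # pop() makes the nonce single-use; unknown nonces fall back to default.
        return self._targets.pop(nonce, default)


if __name__ == "__main__":
    # Constructed sample inputs a redirect endpoint might receive.
    for candidate in ["/account", "//evil.example/", "https://sso.example.com/login",
                      "https://app.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
    registry = RedirectRegistry()
    nonce = registry.register("/dashboard")
    print("nonce resolves to", registry.resolve(nonce), "then", registry.resolve(nonce))
```

The validator parses rather than string-matches, because prefix checks such as `startswith("https://app.example.com")` are defeated by `https://app.example.com.evil.example` and by userinfo tricks; the registry sidesteps parsing entirely, which is why the nonce approach is listed as an architectural mitigation.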

Related CAPEC attack patterns · 1

CAPEC-178

References

  1. https://cwe.mitre.org/data/definitions/601.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Cross-Site Flashing (capec-178) | 100% | live

Compliance frameworks addressing this (incoming) · 2

Type | Target | Confidence | Tier
ComplianceControl | iso27001-a.8.23 | 100% | live
ComplianceControl | nis2-art21g | 100% | live

(incoming) · 34

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-24180 (cve-2025-24180) | 0% | live
Vulnerability | CVE-2025-24381 (cve-2025-24381) | 0% | live
Vulnerability | CVE-2025-25198 (cve-2025-25198) | 0% | live
Vulnerability | CVE-2025-26483 (cve-2025-26483) | 0% | live
Vulnerability | CVE-2025-2697 (cve-2025-2697) | 0% | live
Vulnerability | CVE-2025-31491 (cve-2025-31491) | 0% | live
Vulnerability | CVE-2025-36016 (cve-2025-36016) | 0% | live
Vulnerability | CVE-2025-43526 (cve-2025-43526) | 0% | live
Vulnerability | CVE-2025-48936 (cve-2025-48936) | 0% | live
Vulnerability | CVE-2025-50067 (cve-2025-50067) | 0% | live
Vulnerability | CVE-2025-50578 (cve-2025-50578) | 0% | live
Vulnerability | CVE-2025-54145 (cve-2025-54145) | 0% | live
Vulnerability | CVE-2025-55031 (cve-2025-55031) | 0% | live
Vulnerability | CVE-2025-57800 (cve-2025-57800) | 0% | live
Vulnerability | CVE-2025-6238 (cve-2025-6238) | 0% | live
Vulnerability | CVE-2025-62716 (cve-2025-62716) | 0% | live
Vulnerability | CVE-2025-64101 (cve-2025-64101) | 0% | live
Vulnerability | CVE-2026-0508 (cve-2026-0508) | 0% | live
Vulnerability | CVE-2026-0573 (cve-2026-0573) | 0% | live
Vulnerability | CVE-2026-23818 (cve-2026-23818) | 0% | live
Vulnerability | CVE-2026-25649 (cve-2026-25649) | 0% | live
Vulnerability | CVE-2026-28681 (cve-2026-28681) | 0% | live
Vulnerability | CVE-2026-29067 (cve-2026-29067) | 0% | live
Vulnerability | CVE-2026-33102 (cve-2026-33102) | 0% | live
Vulnerability | CVE-2026-33506 (cve-2026-33506) | 0% | live
Vulnerability | CVE-2026-33510 (cve-2026-33510) | 0% | live
Vulnerability | CVE-2026-34931 (cve-2026-34931) | 0% | live
Vulnerability | CVE-2026-40905 (cve-2026-40905) | 0% | live
Vulnerability | CVE-2026-41670 (cve-2026-41670) | 0% | live
Vulnerability | CVE-2026-43941 (cve-2026-43941) | 0% | live

Showing top 30 of 34 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE: Direct Request ('Forced Browsing')
CVE: CVE-2026-28301
CWE: Use of Web Link to Untrusted Target with window.opener Access
CWE: Improper Neutralization of Encoded URI Schemes in a Web Page
CWE: Cross-Site Request Forgery (CSRF)
CWE: Unprotected Transport of Credentials

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.