CVE-2025-1300

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway. This issue affects CodeChecker: through 6.24.5.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*

History

14 Nov 2025, 15:29

Type	Values Removed	Values Added
First Time		Ericsson Ericsson codechecker
CPE		cpe:2.3:a:ericsson:codechecker::::::::
References	~~() https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm -~~	() https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm - Vendor Advisory

Information

Published : 2025-02-28 13:15

Updated : 2025-11-14 15:29

NVD link : CVE-2025-1300

Mitre link : CVE-2025-1300

CVE.ORG link : CVE-2025-1300

JSON object : View

Products Affected

ericsson

codechecker

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2025-1300", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-02-28T13:15:27.043", "references": [{"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm", "tags": ["Vendor Advisory"], "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \n\nThe CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway.\n\nThis issue affects CodeChecker: through 6.24.5."}, {"lang": "es", "value": "CodeChecker es una herramienta de an\u00e1lisis, una base de datos de defectos y una extensi\u00f3n de visualizaci\u00f3n para Clang Static Analyzer y Clang Tidy. El servidor web CodeChecker contiene una vulnerabilidad de redireccionamiento abierto debido a la falta de protecciones contra m\u00faltiples barras despu\u00e9s del nombre del producto en la URL. Esto hace que se evadan las protecciones contra CVE-2021-28861, lo que conduce a la misma v\u00eda de redireccionamiento abierto. Este problema afecta a CodeChecker: hasta la versi\u00f3n 6.24.5."}], "lastModified": "2025-11-14T15:29:28.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09E09A9A-AB91-4AB2-B40F-2FE5D5125636", "versionEndExcluding": "6.24.6"}], "operator": "OR"}]}], "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"}