Detections
Analytics

CVE-2025-8129

low

Description

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?submit.619741

https://vuldb.com/?id.317514

https://vuldb.com/?ctiid.317514

https://github.com/koajs/koa/issues/1892#issue-3213028583

https://github.com/koajs/koa/issues/1892

Details

Source: Mitre, NVD

Published: 2025-07-25

Updated: 2025-07-25

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 3.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Severity: Low

CVSS v4

Base Score: 2

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00029