Open Redirect in Leepeuker Movary
CVE-2025-64115
Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause…
Vulnerability class: Open Redirect
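The pattern described above and one way to harden it, as an added example in Python (not Movary's code and not the project's fix). The origin `https://movary.example.test`, the fallback path `/settings` and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

APP_ORIGIN = "https://movary.example.test"  # assumed deployment origin
FALLBACK = "/settings"                      # assumed default landing page


def naive_redirect_target(referer):
    """Pattern the advisory describes: the header value is used as-is."""
    return referer or FALLBACK


def safe_redirect_target(referer, app_origin=APP_ORIGIN, fallback=FALLBACK):
    """Return a same-origin relative path taken from Referer, else fallback."""
    if not referer or any(ord(c) < 0x20 or c == "\\" for c in referer):
        return fallback  # absent header, control characters, backslash tricks
    try:
        ref, app = urlsplit(referer), urlsplit(app_origin)
        ref_port, app_port = ref.port, app.port
    except ValueError:
        return fallback  # malformed URL or port
    if ref.scheme not in ("http", "https") or ref.scheme != app.scheme:
        return fallback
    # .hostname drops userinfo, so "https://app@other" compares as "other"
    if ref.hostname is None or ref.hostname != app.hostname:
        return fallback
    if ref_port != app_port:  # strict: an explicit default port also fails
        return fallback
    path = ref.path or "/"
    # a leading "//" would be read by browsers as a scheme-relative URL
    if not path.startswith("/") or path.startswith("//"):
        return fallback
    # only path and query are returned, so Location never carries a host
    return path + ("?" + ref.query if ref.query else "")


if __name__ == "__main__":
    samples = [  # constructed Referer values
        "https://movary.example.test/settings/account/general?tab=1",
        "https://other.example.test/landing",
        "https://movary.example.test@other.example.test/x",
        "https://movary.example.test//other.example.test/x",
        None,
    ]
    for value in samples:
        print(repr(value), "->", safe_redirect_target(value))
```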
EPSS: 0.000 (12.3th percentile)
Affected products
- Leepeuker Movary — versions < 0.69.0
Weakness classification (CWE)
References
- https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f (x_refsource_CONFIRM)
- https://github.com/leepeuker/movary/pull/713 (x_refsource_MISC)
- https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f (x_refsource_MISC)