Open Redirect in Leepeuker Movary

CVE-2025-64116

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external site…

Vulnerability class: Open Redirect

EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.

Affected products

Leepeuker Movary — versions < 0.69.0

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g (x_refsource_CONFIRM)
https://github.com/leepeuker/movary/pull/713 (x_refsource_MISC)
https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f (x_refsource_MISC)