CVE-2025-8066 - Vulnerability Details - OpenCVE

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Bunkerity	Bunker Web
Linux	Linux

No data.

No data.

References

Link	Providers
https://fluidattacks.com/advisories/cypress
https://github.com/bunkerity/bunkerweb
https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.4

History

Mon, 25 Aug 2025 23:00:00 +0000

Type	Values Removed	Values Added
References		https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.4

Sat, 16 Aug 2025 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Bunkerity Bunkerity bunker Web Linux Linux linux
Vendors & Products		Bunkerity Bunkerity bunker Web Linux Linux linux

Fri, 15 Aug 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 15 Aug 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.
Title		Bunker Web 1.6.2 - Uncontrolled external site redirect
Weaknesses		CWE-601
References		https://fluidattacks.com/advisories/cypress https://github.com/bunkerity/bunkerweb
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2025-08-15T16:10:41.570Z

Updated: 2025-08-25T22:45:43.890Z

Reserved: 2025-07-22T22:43:32.674Z

Link: CVE-2025-8066

Vulnrichment

Updated: 2025-08-15T19:12:45.477Z

NVD

Status : Awaiting Analysis

Published: 2025-08-15T16:15:30.540

Modified: 2025-08-25T23:15:32.430

Link: CVE-2025-8066

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8066", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2025-07-22T22:43:32.674Z", "datePublished": "2025-08-15T16:10:41.570Z", "dateUpdated": "2025-08-25T22:45:43.890Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Bunker Web", "vendor": "Bunkerity", "versions": [{"lessThan": "1.6.4", "status": "affected", "version": "1.6.2", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bunkerity:bunker_web:*:*:linux:*:*:*:*:*", "versionEndExcluding": "1.6.4", "versionStartIncluding": "1.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.<p>This issue affects Bunker Web: 1.6.2.</p>"}], "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2."}], "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "CAPEC-98 Phishing"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2025-08-25T22:45:43.890Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://fluidattacks.com/advisories/cypress"}, {"tags": ["product"], "url": "https://github.com/bunkerity/bunkerweb"}, {"tags": ["patch"], "url": "https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.4"}], "source": {"discovery": "UNKNOWN"}, "title": "Bunker Web 1.6.2 - Uncontrolled external site redirect", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-15T19:12:39.020590Z", "id": "CVE-2025-8066", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T19:12:50.010Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-15T19:12:39.020590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T19:12:45.477Z"}}], "cna": {"title": "Bunker Web 1.6.2 - Uncontrolled external site redirect", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-98", "descriptions": [{"lang": "en", "value": "CAPEC-98 Phishing"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Bunkerity", "product": "Bunker Web", "versions": [{"status": "affected", "version": "1.6.2", "lessThan": "1.6.4", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://fluidattacks.com/advisories/cypress", "tags": ["third-party-advisory"]}, {"url": "https://github.com/bunkerity/bunkerweb", "tags": ["product"]}, {"url": "https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.4", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.", "supportingMedia": [{"type": "text/html", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.<p>This issue affects Bunker Web: 1.6.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bunkerity:bunker_web:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.6.4", "versionStartIncluding": "1.6.2"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2025-08-25T22:45:43.890Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8066", "state": "PUBLISHED", "dateUpdated": "2025-08-25T22:45:43.890Z", "dateReserved": "2025-07-22T22:43:32.674Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2025-08-15T16:10:41.570Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2."}, {"lang": "es", "value": "La vulnerabilidad de redirecci\u00f3n de URL a un sitio no confiable ('Redirecci\u00f3n abierta') en Bunkerity Bunker Web en Linux permite el phishing. Este problema afecta a Bunker Web: 1.6.2."}], "id": "CVE-2025-8066", "lastModified": "2025-08-25T23:15:32.430", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "help@fluidattacks.com", "type": "Secondary"}]}, "published": "2025-08-15T16:15:30.540", "references": [{"source": "help@fluidattacks.com", "url": "https://fluidattacks.com/advisories/cypress"}, {"source": "help@fluidattacks.com", "url": "https://github.com/bunkerity/bunkerweb"}, {"source": "help@fluidattacks.com", "url": "https://github.com/bunkerity/bunkerweb/releases/tag/v1.6.4"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "help@fluidattacks.com", "type": "Secondary"}]}