CVE-2025-26058
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Published Feb 18, 2025
Updated: Feb 19, 2025
CWE ID 598
Summary
CVE-2025-26058 is a vulnerability affecting Webkul QloApps version 1.6.1. This issue exposes authentication tokens through URL redirection. When users access protected areas like the admin panel, the application appends sensitive authentication tokens to the URLs, making them susceptible to interception by unauthorized parties. An attacker gaining access to these tokens could potentially take over the affected account or perform unauthorized actions. Users are advised to upgrade to a patched version of the application to mitigate this risk.
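The exposure described above can be checked for on the defender's side. The following is an added example, not part of the original advisory or of QloApps: it scans web server access logs (Combined Log Format) for authentication tokens carried in request URLs or Referer headers and redacts them in its output. The parameter names, host, paths and token value are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names treated as credentials. The advisory does not
# name the parameter QloApps uses, so adjust this set to your deployment.
SENSITIVE_PARAMS = {"token", "auth_token", "access_token"}

# Combined Log Format: client, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')
REDACT_RE = re.compile(
    r'([?&](?:%s)=)[^&#\s]*' % "|".join(sorted(SENSITIVE_PARAMS)), re.I)

# Constructed sample lines (hypothetical host, paths and token value).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Feb/2025:10:01:02 +0000] "GET /admin/index.php?tab=home'
    '&token=0123456789abcdef HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Feb/2025:10:01:05 +0000] "GET /img/logo.png HTTP/1.1" 200 812 '
    '"https://hotel.example/admin/index.php?tab=home&token=0123456789abcdef" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Feb/2025:10:02:00 +0000] "GET /index.php?id_product=3 HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
]

def sensitive_keys(url):
    """Return credential-like parameter names found in the URL's query string."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({k.lower() for k, _ in pairs} & SENSITIVE_PARAMS)

def redact(url):
    """Mask credential values so the findings themselves are safe to store."""
    return REDACT_RE.sub(r'\1[REDACTED]', url)

def scan(lines):
    """Return (kind, client, redacted_url) for every token exposure in the log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip
        if sensitive_keys(m["target"]):
            findings.append(("token_in_request_url", m["client"], redact(m["target"])))
        if sensitive_keys(m["referer"]):
            findings.append(("token_in_referer", m["client"], redact(m["referer"])))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `token_in_referer` finding means the token-bearing URL was the page that triggered the request, so the same value is also sent in the Referer header to any third-party resource that page loads.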
Affected Vendors
- Webkul