CVE-2025-56200

Published: Sep 30, 2025

Modified: Sep 30, 2025

PUBLISHED

Description

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://validatorjs.com

https://gist.github.com/junan-98/a93130505b258b9e4ec9f393e7533596

https://github.com/validatorjs/validator.js

https://gist.github.com/junan-98/27ae092aa40e2a057d41a0f95148f666

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-56200

Description

Affected Products

References