CVE-2025-60868

Published: Oct 10, 2025

Modified: Oct 10, 2025

PUBLISHED

Description

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter pollution, or denial of service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://statamic.com/addons/alt-design/alt-redirects/release-notes

https://gist.github.com/kasiasok/870933de18d1400fa8be88e1bcadec6c

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-60868

Description

Affected Products

References