Back to search
CVE-2025-64115
Published: Oct 30, 2025
Modified: Oct 30, 2025
PUBLISHED
Description
Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.
| Vendor | Product | Versions |
|---|---|---|
leepeuker | movary | affected < 0.69.0 |
Weaknesses (CWE)
References
https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f
x_refsource_CONFIRM
https://github.com/leepeuker/movary/pull/713
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now