QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-64481

Back to search

CVE-2025-64481

Published: Nov 7, 2025

Modified: Dec 26, 2025

PUBLISHED

Description

Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.

VendorProductVersions

simonw

datasette

affected
< 0.65.2
affected
>= 1.0a0, < 1.0a20

Weaknesses (CWE)

CWE-601

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now