{"id":"CVE-2025-55751","summary":"OnboardLite Open Redirect Endpoint","details":"OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicious external site. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements jwt signing for the redirect url parameter.","aliases":["GHSA-p8c5-qp4c-qr2m"],"modified":"2026-04-02T12:55:34.438058Z","published":"2025-08-20T15:31:48.496Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55751.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-601"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55751.json"},{"type":"ADVISORY","url":"https://github.com/HackUCF/OnboardLite/security/advisories/GHSA-p8c5-qp4c-qr2m"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55751"},{"type":"FIX","url":"https://github.com/HackUCF/OnboardLite/commit/6cca19ea4f47af125caa08ef82594844f039e07e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hackucf/onboardlite","events":[{"introduced":"0"},{"fixed":"6cca19ea4f47af125caa08ef82594844f039e07e"}]}],"versions":["v1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55751.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"}]}