{"id":"CVE-2025-66025","summary":"Caido Improperly Handles External Links in Markdown","details":"Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing-style attacks. This issue has been patched in version 0.53.0.","aliases":["GHSA-cf52-h5mw-gmc2"],"modified":"2026-03-10T21:53:26.629754Z","published":"2025-11-26T01:59:06.790Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66025.json","cwe_ids":["CWE-74"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66025.json"},{"type":"ADVISORY","url":"https://github.com/caido/caido/security/advisories/GHSA-cf52-h5mw-gmc2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66025"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/caido/caido","events":[{"introduced":"0"},{"fixed":"972179d5cb53f2fedd3b029f24b2c79a82beb960"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.53.0"}]}}],"versions":["v0.22.1","v0.23.1","v0.24.0","v0.24.1","v0.25.0","v0.25.3","v0.26.0","v0.27.1","v0.27.2","v0.28.0","v0.29.0","v0.29.2","v0.30.0","v0.30.1","v0.30.2","v0.30.3","v0.30.4","v0.31.0","v0.31.1","v0.32.0","v0.32.1","v0.33.0","v0.34.0","v0.34.1","v0.35.0","v0.36.0","v0.36.1","v0.37.0","v0.38.0","v0.39.0","v0.40.0","v0.41.0","v0.42.0","v0.43.0","v0.43.1","v0.44.0","v0.44.1","v0.45.0","v0.45.1","v0.46.0","v0.47.0","v0.47.1","v0.48.0","v0.48.1","v0.49.0","v0.50.0","v0.50.1","v0.50.2","v0.51.0","v0.51.1","v0.52.0"],"database_specific":{"source":"https://storage.googlea
pis.com/cve-osv-conversion/osv-output/CVE-2025-66025.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}