CVE-2025-14692
Description
An open redirect flaw has been found in Mayan EDMS up to 4.10.1. It affects an unknown function of the file /authentication/, and manipulating it causes an open redirect. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading the affected component to version 4.10.2 is sufficient to resolve this issue. The vendor confirms that this is "[f]ixed in version 4.10.2" and adds that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.132
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms 4.10.2 | Windows |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms 4.6.12 | Windows |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms 4.7.8 | Windows |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms 4.8.10 | Windows |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms 4.9.7 | Windows |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms for linux 4.10.2 | Linux |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms for linux 4.6.12 | Linux |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms for linux 4.7.8 | Linux |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms for linux 4.8.10 | Linux |
| Vulnerabilities CVE-2025-14692 are fixed in Python-mayan-edms for linux 4.9.7 | Linux |
Patch Details
No records found