Unrated severityNVD Advisory· Published Mar 31, 2025· Updated Mar 31, 2025

Open Redirect vulnerability in EJBCA

CVE-2025-3027

Description

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks.

Affected products

EJBCA/EJBCAllm-create
Range: =8.0 Enterprise
PrimeKey Solutions AB/EJBCAv5
Range: 8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-ejbcamitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000