Moderate severityNVD Advisory· Published Dec 9, 2025· Updated Dec 10, 2025
Taguette does not safeguard against Open Redirect
CVE-2025-67502
Description
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
taguettePyPI | < 1.5.2 | 1.5.2 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-5923-r76v-mprmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-67502ghsaADVISORY
- github.com/remram44/taguette/commit/67de2d2612e7e2572c61cd9627f89c2bfd0f2a36ghsax_refsource_MISCWEB
- github.com/remram44/taguette/security/advisories/GHSA-5923-r76v-mprmghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.