Unrated severity · NVD Advisory · Published Feb 19, 2026 · Updated Mar 5, 2026
SPIP < 4.4.5 Open Redirect via Login Form
CVE-2025-71244
Description
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen.
Affected products
- (no CPE) range: 4.3.x before 4.3.9 and 4.4.x before 4.4.5 (from the description "SPIP before 4.4.5 and 4.3.9", i.e. two fixed release lines; anything older than 4.3.9 on the 4.3 branch, or 4.4.0 through 4.4.4 on the 4.4 branch, is affected)
- (no CPE) range: 4.3.0
References
- blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-5.html (MITRE: vendor advisory, patch)
- www.vulncheck.com/advisories/spip-open-redirect-via-login-form (MITRE: third-party advisory)