CVE-2025-66025 – Caido Improperly Handles External Links in Markdown

CVE ID : CVE-2025-66025

Published : Nov. 26, 2025, 3:15 a.m. | 1 hour, 4 minutes ago

Description : Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing style attacks. This issue has been patched in version 0.53.0.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66026 – REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]

CVE-2025-66022 – FACTION Unauthenticated Custom Extension Upload leads to RCE

CVE-2025-66269 – Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM

CVE-2025-66266 – Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation