What the vulnerability does
01Description
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.
CVE-2024-8527
HIGH
CVE-2024-8527: ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter
CVSS base score
8.6/10
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Key dates
02Disclosure timeline
November 19, 2025
CVE published
November 19, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-6291 Keycloak: redirect_uri validation bypass
CVE-2025-1300 Open redirect in CodeChecker web server
CVE-2024-45082 IBM Cognos Analytics HTTP open redirection
CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
CVE-2021-23888 McAfee ePO unvalidated URL redirect vulnerability
