CVE-2025-64116 MEDIUM

CVE-2025-64116: Movary vulnerable to an open redirect

Vendor Leepeuker
Product movary
Weakness CWE-601 · Open redirect
Published October 30, 2025
Last update October 31, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.

Key dates

02 Disclosure timeline

October 30, 2025 CVE published
October 31, 2025 Record updated