CVE-2025-64754 LOW

CVE-2025-64754: Jitsi Meet has DOM Redirect on Microsoft OAuth Flow

Vendor Jitsi
Product jitsi-meet
Weakness CWE-601 · Open redirect
Published November 13, 2025
Last update November 14, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01 Description

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.

Key dates

02 Disclosure timeline

November 13, 2025 CVE published
November 14, 2025 Record updated