CVE-2025-26058

Date: February 17, 2025

Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.

Severity Score

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Use of GET Request Method With Sensitive Query Strings

CWE-598

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW
