Home > Vulnerability Database > CVE-2025-60868

Mend.io Vulnerability Database

CVE-2025-60868

Good to know:

Date: October 9, 2025

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter pollution, or denial of service.

Severity Score

6.5

Related Resources (7)

Url: https://gist.github.com/kasiasok/870933de18d1400fa8be88e1bcadec6c

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-60868

Url: https://github.com/alt-design/Alt-Redirect-Addon/commit/5dc6753c7151ac994c63e18914998991b1f65cbd

Url: https://github.com/alt-design/Alt-Redirect-Addon/releases/tag/v1.6.4

Url: https://github.com/alt-design/Alt-Redirect-Addon

Url: https://statamic.com/addons/alt-design/alt-redirects/release-notes

Url: https://www.mend.io/vulnerability-database/CVE-2025-60868

Severity Score

6.5

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

Top Fix

Upgrade Version

Upgrade to version alt-design/alt-redirect - v1.6.4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-60868

Good to know:

Date: October 9, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?