Key information

Vulnerability ID: JVN#46925341

Vulnerability type: open redirect (CWE-601)

Affected products: web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior

CVSS score:
- CVSS:4.0: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N Base Score 5.1
- CVSS:3.0: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Base Score 4.7

CVE ID: CVE-2026-25198

Related vulnerability: This case is an additional fix of JVN#02158640

Impact: When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

Solution: Update the software to the latest version according to the information provided by the developer.

Reporter: Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.

Coordinating organization: JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.