{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-61166", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T19:31:38.527Z", "dateReserved": "2025-09-26T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T17:13:42.365Z"}, "descriptions": [{"lang": "en", "value": "An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://linkedin.com/in/thakur-nikhil"}, {"url": "https://medium.com/@rajput.thakur/malicious-open-redirection-cve-2025-61166-bf5d708cd241"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T19:30:53.616812Z", "id": "CVE-2025-61166", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:31:38.527Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-61166", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T19:30:53.616812Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:29:36.282Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://linkedin.com/in/thakur-nikhil"}, {"url": "https://medium.com/@rajput.thakur/malicious-open-redirection-cve-2025-61166-bf5d708cd241"}], "descriptions": [{"lang": "en", "value": "An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T17:13:42.365Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61166", "state": "PUBLISHED", "dateUpdated": "2026-04-06T19:31:38.527Z", "dateReserved": "2025-09-26T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL."}], "id": "CVE-2025-61166", "lastModified": "2026-04-06T20:16:21.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T18:16:41.070", "references": [{"source": "cve@mitre.org", "url": "https://linkedin.com/in/thakur-nikhil"}, {"source": "cve@mitre.org", "url": "https://medium.com/@rajput.thakur/malicious-open-redirection-cve-2025-61166-bf5d708cd241"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-06T21:23:52.447704+00:00", "value": {"mitigation_remediation": ["Apply any vendor patch or update to Ascertia SigningHub User if available", "If a patch is unavailable, restrict or validate redirect URLs to only allow internal destinations", "Implement web filtering or DNS blocking to prevent automatic redirects to malicious domains", "Educate users about the risk of clicking unfamiliar links and verify URLs before access"], "summary": {"action": "Assess Impact", "impact": "Redirection to Malicious Site"}, "threat_synthesis": {"affected_systems": "The vulnerability affects only Ascertia SigningHub User, specifically version 10.0. No other vendors or product versions are listed as affected.", "description_and_impact": "An open redirect has been identified in Ascertia SigningHub User version 10.0 that allows an attacker to craft a URL which, when visited by a legitimate user, redirects them to an arbitrary external site. This can enable phishing, the delivery of malicious content, or other social\u2011engineering attacks. The weakness arises from insufficient validation of the redirect target parameter, a typical instance of CWE\u2011601.", "risk_and_exploitability": "The CVSS score is not publicly available, and the exploit probability score is not provided. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote via a crafted URL that a user is made to click. Exploitation requires no special privileges or local access; an attacker simply needs to convince a user to follow the malicious link. Because no patch or workaround is currently documented, the risk remains until a vendor update or mitigation is applied."}}}}, "created": "2026-04-06T21:47:40.812626+00:00", "title": "Open Redirect Vulnerability in Ascertia SigningHub User 10.0", "updated": "2026-04-06T21:47:40.812659+00:00", "vendors": [], "weaknesses": ["CWE-601"]}