CVE-2025-66025 - Caido Improperly Handles External Links in Markdown

CVE ID : CVE-2025-66025 Published : Nov. 26, 2025, 1:59 a.m. | 1 hour, 4 minutes ago Description : Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing style attacks. This issue has been patched in version 0.53.0. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor