CVE-2025-67713 - Miniflux 2 has an Open Redirect via protocol-relative `redirect_url`

CVE ID : CVE-2025-67713 Published : Dec. 11, 2025, 12:17 a.m. | 38 minutes ago Description : Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor