GHSA-4hr2-xf7w-jf76: Central Dogma's Login Function Has an Open Redirect Vulnerability

Impact

Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance.

Patches

This vulnerability is fixed in Central Dogma version 0.78.0. Server operators who run the Central Dogma server with Shiro authentication are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the open redirect vulnerability.

Workarounds

Implement AuthProvider to override webLoginService().
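
A custom login service written for this workaround needs to validate any post-login redirect target before it goes into a `Location` header. The following is an added example, not Central Dogma's code and not the 0.78.0 fix; the class and method names are hypothetical, and it assumes only same-site paths are valid targets (the advisory does not say how the target reaches the login function).

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Added example: redirect-target check for a custom login service (hypothetical names). */
public final class SafeRedirect {
    private static final String DEFAULT_TARGET = "/";

    /** Returns the requested target if it is a same-site path, otherwise DEFAULT_TARGET. */
    public static String sanitize(String requested) {
        return isLocalPath(requested) ? requested : DEFAULT_TARGET;
    }

    static boolean isLocalPath(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false; // must be an absolute path on this host, never a full URL
        }
        // "//host/path" is scheme-relative and leaves the site.
        if (target.startsWith("//")) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Browsers may read '\' as '/', and control characters can be stripped or split headers.
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
        }
        try {
            URI uri = new URI(target);
            // A local path has neither a scheme nor an authority component.
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false; // unparseable input falls back to the default target
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two local paths, then four that must be rejected.
        String[] samples = {
            "/app/projects", "/#/projects?x=1", "https://phish.example/login",
            "//phish.example/login", "/\\phish.example/login", "/ok\r\nX-Injected: 1"
        };
        for (String s : samples) {
            String verdict = isLocalPath(s) ? "allow   " : "fallback";
            System.out.println(verdict + " " + s.replace("\r\n", "\\r\\n"));
        }
    }
}
```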

References

  • https://cwe.mitre.org/data/definitions/601.html

Moderate severity • GitHub Reviewed • Published Dec 4, 2025 in line/centraldogma • Updated Dec 4, 2025

Package

com.linecorp.centraldogma:centraldogma-server-auth-shiro (Maven)

Affected versions

< 0.78.0

References

  • GHSA-4hr2-xf7w-jf76
  • https://nvd.nist.gov/vuln/detail/CVE-2025-11222
  • line/centraldogma#1207
  • line/centraldogma@95e7bbd

Published to the GitHub Advisory Database

Dec 4, 2025
