CVE-2025-11222

Published Dec 4, 2025

### Impact

Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance.

### Patches

This vulnerability is addressed and resolved in Central Dogma version 0.78.0. Server operators who run the Central Dogma server with Shiro authentication are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the open redirect vulnerability.

### Workarounds

Implement `AuthProvider` to override `webLoginService()`.

### References

- https://cwe.mitre.org/data/definitions/601.html
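The workaround above hands the login flow to your own `webLoginService()`, and the check that service needs is a redirect-target validator that never sends the browser off the server's own host. The class below is an added illustration written for this page, not Central Dogma's code and not using its `AuthProvider` API; the class name and the `returnTo` parameter name are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Validates a post-login redirect target so the login flow only ever sends
 * the browser to a path on its own host (CWE-601 mitigation).
 * Illustration only; hypothetical class, not part of Central Dogma.
 */
public final class SafeRedirect {
    /** Where to send the user when the requested target is rejected. */
    static final String DEFAULT_TARGET = "/";

    /** Returns returnTo if it is a same-host path (plus optional query), else "/". */
    public static String sanitizeReturnTo(String returnTo) {
        if (returnTo == null || returnTo.isEmpty()) {
            return DEFAULT_TARGET;
        }
        // Browsers read "//host" as scheme-relative and "/\host" as "//host", so a
        // leading "/" alone is not enough; absolute URLs fail the leading "/" test.
        if (returnTo.charAt(0) != '/'
                || (returnTo.length() > 1
                    && (returnTo.charAt(1) == '/' || returnTo.charAt(1) == '\\'))) {
            return DEFAULT_TARGET;
        }
        final URI uri;
        try {
            // Also rejects CR/LF, tabs and other characters illegal in a URI,
            // which blocks header injection through the redirect value.
            uri = new URI(returnTo);
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        if (uri.getScheme() != null || uri.getRawAuthority() != null) {
            return DEFAULT_TARGET;
        }
        // Use the *raw* path: getPath() would decode "%2F%2F" into "//".
        String path = uri.normalize().getRawPath();
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query; // fragment is dropped
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate target, four redirect attempts.
        String[] samples = { "/projects/foo?tab=1", "//evil.example/login",
                             "https://evil.example", "/\\evil.example", "/%2F%2Fevil.example" };
        for (String s : samples) {
            System.out.println(s + " -> " + sanitizeReturnTo(s));
        }
    }
}
```

Only the first sample survives unchanged; the percent-encoded one is kept as a literal path on the same host, which is why the raw path, not the decoded one, is inspected.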

Affected Software

3 affected components, fixes available

| Component | Affected versions | Fixed in |
| --- | --- | --- |
| Central Dogma (Central Dogma) | <0.78.0 | |
| maven/com.linecorp.centraldogma:centraldogma-server-auth-shiro | <0.78.0 | 0.78.0 |
| linecorp Central Dogma | <0.78.0 | |

Event History

Dec 4, 2025

- 12:18 PM: CVE Published (via MITRE)
- 12:18 PM: Data Sourced via MITRE: Description, Severity, Weakness
- 01:15 PM: Data Sourced via NVD: Description, Severity, Weakness
- 01:15 PM: Data Sourced via NVD: Affected Software
- 04:57 PM: Advisory Published (via GitHub)
- 04:57 PM: Data Sourced via GitHub: Description, Severity, Weakness, Affected Software

Frequently Asked Questions

1. What is the severity of CVE-2025-11222?

   CVE-2025-11222 is categorized as a moderate severity vulnerability due to its potential for facilitating phishing attacks.

2. How do I fix CVE-2025-11222?

   To fix CVE-2025-11222, upgrade to Central Dogma version 0.78.0 or later.

3. What type of vulnerability is CVE-2025-11222?

   CVE-2025-11222 is an Open Redirect vulnerability.

4. What could attackers achieve with CVE-2025-11222?

   Attackers could use CVE-2025-11222 to redirect users to untrusted sites, potentially leading to credential theft.

5. Which versions of Central Dogma are affected by CVE-2025-11222?

   Central Dogma versions prior to 0.78.0 are affected by CVE-2025-11222.
