What is GHSA-4hr2-xf7w-jf76?

GHSA-4hr2-xf7w-jf76 is a security advisory published by GitHub Security Advisories with Medium severity. Central Dogma's Login Function Has an Open Redirect Vulnerability

Which CVE IDs does GHSA-4hr2-xf7w-jf76 cover?

GHSA-4hr2-xf7w-jf76 covers the following CVE IDs: CVE-2025-11222. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4hr2-xf7w-jf76?

GHSA-4hr2-xf7w-jf76 has a CVSS v3 base score of 6.1, published by GitHub Security Advisories.

Which products are affected by GHSA-4hr2-xf7w-jf76?

GHSA-4hr2-xf7w-jf76 affects 1 product, including: maven/com.linecorp.centraldogma:centraldogma-server-auth-shiro:\u003c 0.78.0.

GHSA-4hr2-xf7w-jf76MediumCVSS 6.1

Central Dogma's Login Function Has an Open Redirect Vulnerability

Vendor

GitHub Security Advisories

Published

December 4, 2025

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2025-11222 →

📋 Description

Impact

Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance.

Patches

This vulnerability is addressed and resolved in Central Dogma version 0.78.0. The server operators who run Central Dogma server with Shiro authentication are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the open redirect vulnerability.

Workarounds

Implement AuthProvider to overrides webLoginService().

References

https://cwe.mitre.org/data/definitions/601.html

🎯 Affected products1

maven/com.linecorp.centraldogma:centraldogma-server-auth-shiro:< 0.78.0