Common Weakness Enumeration
CWE-698
AllowedExecution After Redirect (EAR)
Abstraction: Base · Status: Incomplete
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
31 vulnerabilities reference this CWE, most recent first.
GHSA-QCVR-PQ9V-99VC
Vulnerability from github – Published: 2025-07-29 06:30 – Updated: 2025-07-29 06:30
VLAI
Details
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-53077"
],
"database_specific": {
"cwe_ids": [
"CWE-698"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-29T05:15:31Z",
"severity": "MODERATE"
},
"details": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.",
"id": "GHSA-qcvr-pq9v-99vc",
"modified": "2025-07-29T06:30:21Z",
"published": "2025-07-29T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53077"
},
{
"type": "WEB",
"url": "https://security.samsungda.com/securityUpdates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.