CVE-2025-26058

low-risk

Published 2025-02-18

Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.2/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Qloapps

Affected Vendors

Webkul

References (1)

Exploit https://github.com/mano257200/QloApps-VUL

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal