CVE-2025-60868

Medium CVSS: 6.5

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter pollution, or denial of service.

Vendor

Product

CWE

CWE-290

Yayın Tarihi

2025-10-10 14:15:43

Güncelleme

2025-10-14 19:36:59

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-290 MEDIUM 2025

Referanslar

https://gist.github.com/kasiasok/870933de18d1400fa8be88e1bcadec6c https://statamic.com/addons/alt-design/alt-redirects/release-notes