Movable%20Type%20Premium%20(Software%20Edition)

2Vulnerabilities found

CVE-2025-55706

Assigner-JPCERT/CC

View Details

Assigner-JPCERT/CC

CVSS Score-5.1||MEDIUM

EPSS-0.03% / 7.57%

7 Day CHG~0.00%

Published-20 Aug, 2025 | 04:23

Updated-20 Aug, 2025 | 15:57

URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.

Vendor-Six Apart Ltd.

Product-Movable Type Premium (Cloud Edition)Movable Type Advanced (Software Edition)Movable Type Premium (Software Edition)Movable Type (Cloud Edition)Movable Type (Software Edition)Movable Type Premium (Advanced Edition) (Software Edition)

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2025-53522

Assigner-JPCERT/CC

View Details

Assigner-JPCERT/CC

CVSS Score-6.9||MEDIUM

EPSS-0.03% / 5.37%

7 Day CHG~0.00%

Published-20 Aug, 2025 | 04:22

Updated-20 Aug, 2025 | 16:00

Movable Type contains an issue with use of less trusted source. If exploited, tampered email to reset a password may be sent by a remote unauthenticated attacker.

Vendor-Six Apart Ltd.

Product-Movable Type (Software Edition)Movable Type Advanced (Software Edition)Movable Type Premium (Advanced Edition) (Software Edition)Movable Type (Cloud Edition)Movable Type Premium (Cloud Edition)Movable Type Premium (Software Edition)

CWE ID-CWE-348

Use of Less Trusted Source

N/A

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -