
CVE-2025-66025: Beware the Links! Caido’s Findings Page Hit by Markdown Injection

Overview

CVE-2025-66025 describes a medium-severity vulnerability affecting Caido, a web security auditing toolkit. Versions prior to 0.53.0 are susceptible to Markdown injection in the Findings page. The flaw allows an attacker to place malicious links in findings generated by the scanner or by other plugins. When a user clicks one of these injected links, they can be redirected to an attacker-controlled domain, which opens the door to phishing or other malicious activity.

Technical Details

The vulnerability stems from improper handling of user-supplied Markdown in the renderer that Caido uses for the Findings page. The application does not adequately sanitize or validate Markdown links embedded in finding reports. An attacker can therefore craft a finding containing malicious links that look legitimate once Caido renders them. When a user interacts with such a link, they are unknowingly taken out of the trusted Caido interface to a domain the attacker controls. The attack vector is manipulated scanner output or a custom plugin that emits the crafted Markdown.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-66025 is 4.3 (Medium).

  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Privileges Required: None (PR:N)
  • User Interaction: Required (UI:R)
  • Scope: Unchanged (S:U)
  • Confidentiality Impact: None (C:N)
  • Integrity Impact: Low (I:L)
  • Availability Impact: None (A:N)

This score reflects the fact that user interaction is required (clicking the malicious link) to trigger the vulnerability, and the impact is primarily on integrity, potentially leading to phishing or other user-specific compromise, rather than compromising the entire system’s confidentiality or availability.

Possible Impact

Successful exploitation of this vulnerability could result in:

  • Phishing Attacks: Users could be redirected to fake login pages designed to steal their credentials.
  • Malware Distribution: Users could be tricked into downloading and installing malware from attacker-controlled sites.
  • Social Engineering: Attackers could leverage the trusted context of Caido to manipulate users into performing actions that compromise their security.

Mitigation

The vulnerability has been patched in Caido version 0.53.0. To mitigate the risk, users are strongly advised to:

  • Upgrade to version 0.53.0 or later: This update contains the necessary fix to properly sanitize Markdown links.
  • Exercise Caution: Be cautious when clicking links within finding reports, especially if the origin of the finding is untrusted.
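As an added illustration of the mitigation described above (this is not Caido's own patch, and the hostnames, allowlist and sample finding text are constructed for the example), the following JavaScript sanitizer runs over finding Markdown before it reaches a renderer. It keeps only links whose scheme is http or https and whose host is on an explicit allowlist, and turns every other link into inert text that still shows the destination so a reviewer can see where the finding tried to send them.

```javascript
// Added example (not Caido's code): sanitize Markdown links in finding text
// before rendering. Assumptions: findings arrive as Markdown strings, and any
// link whose host is not in ALLOWED_HOSTS (a constructed allowlist) is untrusted.

const ALLOWED_HOSTS = new Set(["localhost", "127.0.0.1", "example.test"]);

// Matches inline links [label](target "optional title") and autolinks <target>.
// This is a deliberately small matcher for the example, not a full Markdown parser.
const INLINE_LINK = /\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;
const AUTOLINK = /<((?:https?|ftp|javascript|data|file):[^>\s]+)>/gi;

// Decide whether a link target may be rendered as a clickable link.
function classifyTarget(target) {
  let url;
  try {
    url = new URL(target);
  } catch {
    // Relative or malformed targets cannot be resolved here; treat as untrusted.
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "scheme:" + url.protocol };
  }
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: "host:" + url.hostname };
  }
  return { ok: true, reason: "allowed" };
}

// Replace an untrusted link with plain text that still exposes the destination.
function neutralize(label, target, reason) {
  const safeLabel = label.replace(/[\[\]]/g, "");
  return `${safeLabel} (untrusted link removed: \`${target}\`, ${reason})`;
}

// Returns the sanitized Markdown plus a list of the links that were removed,
// which is useful for logging or for flagging a plugin that keeps emitting them.
function sanitizeMarkdownLinks(markdown) {
  const removed = [];
  let out = markdown.replace(INLINE_LINK, (match, label, target) => {
    const { ok, reason } = classifyTarget(target);
    if (ok) return match;
    removed.push({ label, target, reason });
    return neutralize(label, target, reason);
  });
  out = out.replace(AUTOLINK, (match, target) => {
    const { ok, reason } = classifyTarget(target);
    if (ok) return match;
    removed.push({ label: target, target, reason });
    return neutralize(target, target, reason);
  });
  return { markdown: out, removed };
}

// Constructed sample finding text, shaped like what a scanner plugin might emit.
const SAMPLE_FINDING = [
  "Reflected parameter found on [login page](http://example.test/login?q=1).",
  "Details: [vendor advisory](https://external.invalid/advisory).",
  "Raw: <javascript:void(0)>",
].join("\n");

const sampleResult = sanitizeMarkdownLinks(SAMPLE_FINDING);
console.log(sampleResult.markdown);
console.log(sampleResult.removed);
```

On the constructed sample, the first link survives because example.test is allowlisted, while the second is neutralized for its host and the third for its scheme. An allowlist keyed on hostname is the conservative choice for a tool like this, since finding text comes from plugins and scanners rather than from the user; a renderer that instead relied on a denylist of schemes alone would still pass through the external http(s) links that this advisory is about.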

References

GHSA-cf52-h5mw-gmc2 – Caido Security Advisory

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
