CVE-2025-2418 PUBLISHED

Open Redirect in TR7's Web Application Firewall

Assigner: TR-CERT
Reserved: 17.03.2025 Published: 16.02.2026 Updated: 16.02.2026

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing.This issue affects Web Application Firewall: from 4.30 through 16022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 4.3

Attack Vector	Adjacent Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	TR7 Cyber Defense Inc.
Product	Web Application Firewall
Versions	Default: affected affected from 4.30 to 16022026 (incl.)

Credits

Regaip KURT finder

References

https://www.usom.gov.tr/bildirim/tr-26-0066

Problem Types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect') CWE

Impacts

CAPEC-98 Phishing