CVE-2023-27292

Severity: Medium · Public PoC

Published: 28 February 2023
Modified: 21 March 2025
KEV Added: not listed
Patch: (no entry)
CVSS Score v3.1: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.0147 (81.3rd percentile)
Risk Priority: 12 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27292 is a medium-severity Open Redirect (CWE-601) vulnerability in OpenCATS (vendor: opencats, product: opencats). Its CVSS base score is 5.4 (Medium).

Operationally, it ranks in the top 18.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-27292 is an open redirect vulnerability in OpenCATS that leads to template injection because of improper validation of user-supplied GET parameters. The flaw is tracked under CWE-601 and carries a CVSS 3.1 score of 5.4 reflecting network attack vector, low complexity, low privileges required, and required user interaction with changed scope.

An attacker who can supply crafted GET parameters to an affected OpenCATS instance may leverage the open redirect to trigger template injection, resulting in limited impacts to confidentiality and integrity.

The EPSS score for this CVE rose from a low baseline to a peak of 0.0774 on 2025-12-11 before receding to the current value of 0.0147, indicating a period of increased exploitation interest after disclosure. Further details are available in the Tenable research report at https://www.tenable.com/security/research/tra-2023-8.

EU & UK References

Vulnerability details

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.

CWE(s)

CWE-601: Open Redirect (URL Redirection to Untrusted Site)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: opencats
Product: opencats
Version: 0.9.6

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Control (addresses CWE-601): Security awareness includes verifying URLs and avoiding untrusted redirects that lead to malicious sites.

Control (addresses CWE-601): Validates redirect targets and URLs to ensure they conform to allowed destinations.
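As an added defensive example (not code from OpenCATS or from this record), the following Python function implements the second control above: it accepts a redirect target only if it is a same-site path or an absolute http(s) URL whose host is on an exact allowlist. The allowlist `ALLOWED_HOSTS`, the function names and the sample inputs are constructed for illustration; the edge cases it rejects (scheme-relative `//host`, backslash variants, userinfo `@` tricks, non-http schemes) are generic open-redirect patterns rather than details of this CVE.

```python
"""Allowlist-based validation for redirect targets (defends against CWE-601).

Added example, not OpenCATS code: it shows the kind of check the
"validates redirect targets" control describes. The allowed host names
and the sample inputs below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed allowlist: the only host an absolute redirect may point at.
ALLOWED_HOSTS = frozenset({"app.example.com"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` is a same-site path or an absolute
    http(s) URL whose host is on the allowlist."""
    if not isinstance(target, str) or not target:
        return False
    # Reject control characters and whitespace: browsers and some URL
    # parsers silently strip them, which can change how the URL resolves.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat a backslash like a forward slash in the authority
    # part, so "/\evil.example" becomes "//evil.example". Normalise first.
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return False  # javascript:, data:, mailto:, ...
    if parts.netloc:
        # Absolute (or scheme-relative) URL: the host must be allowlisted,
        # and a userinfo trick such as "allowed@evil" is refused outright.
        if "@" in parts.netloc or parts.hostname is None:
            return False
        return parts.hostname.lower() in allowed_hosts
    if scheme:
        return False  # "http:evil.example" has a scheme but no authority
    # Relative target: must be a single-slash-rooted path. "//" and "///"
    # are scheme-relative and would send the user off-site.
    return normalised.startswith("/") and not normalised.startswith("//")


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return `target` if it passes validation, otherwise `fallback`."""
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    # Constructed sample values a `next`/`redirect` GET parameter might carry.
    samples = [
        "/dashboard",
        "https://app.example.com/home",
        "//evil.example/phish",
        "/\\evil.example",
        "///evil.example",
        "https://app.example.com@evil.example/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```

The check compares the parsed host against an exact allowlist rather than a string prefix or substring, which is where many redirect validators go wrong; the same structure (parse, refuse non-http schemes, refuse userinfo, exact host match, single-slash-rooted relative paths only) carries over to any server-side language.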

References