CVE-2025-32962: 
Python vulnerability analysis and mitigation

Flask-AppBuilder, an application development framework built on top of Flask, was found to contain an open redirect vulnerability (CVE-2025-32962) affecting versions prior to 4.6.2. The vulnerability was disclosed on May 16, 2025, and allows malicious unauthenticated actors to perform an open redirect by manipulating the Host header in HTTP requests (GitHub Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited remotely (Network), requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site) (GitHub Advisory, Wiz).

The vulnerability allows attackers to perform open redirects by manipulating HTTP Host headers, which could potentially lead to phishing attacks or redirect users to malicious websites. The impact is primarily focused on confidentiality with a low severity rating, while integrity and availability are not affected (Wiz).

The vulnerability has been patched in Flask-AppBuilder version 4.6.2, which introduced the FABSAFEREDIRECT_HOSTS configuration variable. This allows administrators to explicitly define which domains are considered safe for redirection. For users unable to upgrade immediately, it is recommended to use a reverse proxy to enforce trusted host headers (GitHub Advisory, GitHub Commit).