
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-52968 is a disputed vulnerability discovered and disclosed on June 23, 2025, affecting xdg-open in xdg-utils through version 1.2.1. The vulnerability involves the potential for SameSite=Strict cookies to be sent in requests, which could facilitate Cross-Site Request Forgery (CSRF) attacks (NVD, Wiz).
The vulnerability centers on xdg-open's behavior when handling URL requests. When a browser is launched via xdg-open to open a URL, it treats the navigation as if the user had typed the URL into the address bar, so SameSite=Strict cookies are included in the request. This differs from standard in-browser link navigation, where SameSite=Strict cookies are intentionally withheld on cross-site navigations as a CSRF protection. The vulnerability has been assigned a CVSS v3.1 Base Score of 2.7 (LOW) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N (OSS Security).
The primary impact of this vulnerability is the potential bypass of CSRF protections. When applications use xdg-open to launch URLs, the browser treats these requests as user-initiated top-level navigation, allowing SameSite=Strict cookies to be sent. This creates a security inconsistency where navigating via xdg-open results in weaker security compared to navigating from within the browser itself (OSS Security).
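The cookie-attachment difference described above, as an added illustration (not code from xdg-utils, any browser, or the advisory): a simplified model of the SameSite rules, where a navigation with no initiator site (typed URL, or a URL handed to the browser by xdg-open) counts as same-site. The `site_of` registrable-domain approximation, the `.example` hostnames and the cookie jar are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    same_site: str  # "Strict", "Lax" or "None"


def site_of(url: str) -> str:
    # Registrable-domain approximation (assumption): last two host labels.
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def cookies_for_navigation(cookies: Iterable[Cookie], target_url: str,
                           initiator_url: Optional[str], method: str = "GET") -> List[str]:
    """Names of cookies a browser attaches to a top-level navigation.

    initiator_url=None models a navigation the browser treats as user-initiated
    (typed into the address bar, or a URL passed in by xdg-open); it has no
    cross-site initiator, so the SameSite check sees it as same-site.
    """
    same_site = initiator_url is None or site_of(initiator_url) == site_of(target_url)
    sent = []
    for c in cookies:
        if c.same_site == "None":
            sent.append(c.name)  # always attached
        elif c.same_site == "Lax" and (same_site or method.upper() == "GET"):
            sent.append(c.name)  # cross-site only on a safe-method top-level navigation
        elif c.same_site == "Strict" and same_site:
            sent.append(c.name)  # withheld on every cross-site navigation
    return sent


# Constructed sample: a web app's cookie jar and a settings URL on it.
APP_COOKIES = [Cookie("session", "Strict"), Cookie("prefs", "Lax"), Cookie("ads", "None")]
TARGET = "https://app.example/account/settings"


def compare_paths() -> dict:
    """Same URL reached two ways: a link on a third-party page vs. xdg-open."""
    return {
        "link_from_third_party": cookies_for_navigation(APP_COOKIES, TARGET, "https://third-party.example/page"),
        "launched_via_xdg_open": cookies_for_navigation(APP_COOKIES, TARGET, None),
    }
```

Only the xdg-open path carries the Strict `session` cookie, which is the inconsistency the advisory describes; a server cannot tell that navigation apart from a typed URL, so state-changing endpoints still need their own CSRF token and should not act on GET.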
Several recommendations have been proposed, including introducing an 'untrusted' mode in browser CLI tools for opening external URLs, extending xdg-open to pass an 'untrusted' flag to the browser, and modifying desktop environments to invoke xdg-open with the appropriate security context. Browser vendors are currently reviewing the issue and exploring potential fixes (OSS Security).
The vulnerability has been reported to multiple Linux distribution security teams and browser vendors. The issue is currently under review by major browser vendors who acknowledge the need for action, though no specific fix has been finalized (Wiz).
Source: This report was generated using AI