diff --git a/gems/google_sign_in/CVE-2025-57821.yml b/gems/google_sign_in/CVE-2025-57821.yml
new file mode 100644
index 0000000000..3429eb3a58
--- /dev/null
+++ b/gems/google_sign_in/CVE-2025-57821.yml
@@ -0,0 +1,55 @@
+---
+gem: google_sign_in
+cve: 2025-57821
+ghsa: 7pwc-wh6m-44q3
+url: https://github.com/basecamp/google_sign_in/security/advisories/GHSA-7pwc-wh6m-44q3
+title: Google Sign-In for Rails allowed redirects to malformed URLs
+date: 2025-08-27
+description: |
+  ### Summary
+
+  It is possible to craft a malformed URL that passes the "same origin"
+  check, resulting in the user being redirected to another origin.
+
+  ### Details
+
+  The google_sign_in gem persists an optional URL for redirection after
+  authentication. If this URL is malformed, it's possible for the user
+  to be redirected to another origin after authentication, possibly
+  resulting in exposure of authentication information such as the token.
+
+  Normally the value of this URL is only written and read by the library.
+  If applications are configured to store session information in a
+  database, there is no known vector to exploit this vulnerability.
+  However, applications may be configured to store this information
+  in a session cookie, in which case it may be chained with a session
+  cookie attack to inject a crafted URL.
+
+  ### Impact
+
+  Rails applications configured to store the `flash` information in
+  a session cookie may be vulnerable, if this can be chained with an
+  attack that allows injection of arbitrary data into the session cookie.
+
+  ### Workarounds
+
+  If you are unable to upgrade this library, then you may mitigate
+  the chained attack by explicitly setting `SameSite=Lax` or
+  `SameSite=Strict` on the application session cookie.
+
+  ### Credits
+
+  This issue was responsibly reported by Hackerone user
+  [muntrive](https://hackerone.com/muntrive?type=user).
+cvss_v3: 4.2
+patched_versions:
+  - ">= 1.3.0"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2025-57821
+    - https://github.com/basecamp/google_sign_in/security/advisories/GHSA-7pwc-wh6m-44q3
+    - https://github.com/basecamp/google_sign_in/releases/tag/v1.3.0
+    - https://github.com/basecamp/google_sign_in/commit/a0548a604fb17e4eb1a57029f0d87e34e8499623
+    - https://github.com/basecamp/google_sign_in/pull/73
+    - https://github.com/basecamp/google_sign_in/commit/85903651201257d4f14b97d4582e6d968ac32f15
+    - https://github.com/advisories/GHSA-7pwc-wh6m-44q3