How severe is CVE-2025-27913?

CVE-2025-27913 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-27913

Name: passbolt_api
Author: passbolt

7.5HIGH

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attack

Veröffentlicht: 3/10/2025Aktualisiert: 6/19/2025

Beschreibung

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

KI-AnalyseKI-gestützt

Betroffene Produkte

passboltpassbolt_api

Referenzen

https://www.passbolt.com/incidents/host-header-injection
MitigationVendor Advisory