How severe is CVE-2025-43933?

CVE-2025-43933 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-43933

9.8CRITICAL

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Veröffentlicht: 7/7/2025Aktualisiert: 7/8/2025

Beschreibung

fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

KI-AnalyseKI-gestützt

Referenzen

https://github.com/ghost123gg/fblog/blob/983bedec9f837a54ab2dfd358a9cb45504a2e709/app/templates/auth/email/resetPassword.html#L1-L8
https://github.com/ghost123gg/fblog/issues/5