How severe is CVE-2025-27913?

CVE-2025-27913 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-27913

Name: passbolt_api
Author: passbolt

7.5HIGH

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attack

Published: 3/10/2025Updated: 6/19/2025

Description

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

AI AnalysisPowered by AI

Affected Products

passboltpassbolt_api

References

https://www.passbolt.com/incidents/host-header-injection
MitigationVendor Advisory