How severe is CVE-2025-27913?

CVE-2025-27913 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-27913

Name: passbolt_api
Author: passbolt

7.5HIGH

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attack

Publicado: 3/10/2025Actualizado: 6/19/2025

Descripción

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

Análisis IAImpulsado por IA

Productos Afectados

passboltpassbolt_api

Referencias

https://www.passbolt.com/incidents/host-header-injection
MitigationVendor Advisory