How severe is CVE-2025-27913?

CVE-2025-27913 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-27913

Name: passbolt_api
Author: passbolt

7.5HIGH

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attack

게시됨: 3/10/2025업데이트됨: 6/19/2025

설명

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

AI 분석AI 기반

영향받는 제품

passboltpassbolt_api

참조

https://www.passbolt.com/incidents/host-header-injection
MitigationVendor Advisory