How severe is CVE-2025-27913?

CVE-2025-27913 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-27913

Name: passbolt_api
Author: passbolt

7.5HIGH

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attack

Опубликовано: 3/10/2025Обновлено: 6/19/2025

Описание

Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

ИИ-АнализНа базе ИИ

Затронутые продукты

passboltpassbolt_api

Ссылки

https://www.passbolt.com/incidents/host-header-injection
MitigationVendor Advisory