CVE-2025-43932 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP…
Critical CVSS: 9.8

CVE-2025-43932

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
Vendor
-
Product
-
CWE
CWE-640
Yayın Tarihi
2025-07-07 16:15:23
Güncelleme
2025-07-08 18:15:28
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-640 CRITICAL 2025

Referanslar

https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txt https://github.com/guomaoqiu/JobCenter/issues/18