CVE-2025-61132 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning an…
High CVSS: 7.1

CVE-2025-61132

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
Vendor
-
Product
-
CWE
CWE-620
Yayın Tarihi
2025-10-23 15:15:44
Güncelleme
2025-10-27 13:20:15
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-620 HIGH 2025

Referanslar

https://drive.google.com/file/d/1FmkctLdOTGMdy6GgLaTzfxemdVDeiA7J/view?usp=sharing https://gist.github.com/BrookeYangRui/94c3bee0c2cbc1ed81a21d4448550c21 https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/auth/views.py#L131-L148 https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/templates/auth/email/reset_password.html#L1-L8 https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning