CVE-2025-61541 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using t…
High CVSS: 7.1

CVE-2025-61541

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header to inject a malicious domain into the reset email. If a victim follows the poisoned link, the attacker can intercept the reset token and gain full control of the target account.
Vendor
Webmin
Product
Webmin
CWE
CWE-284
Yayın Tarihi
2025-10-16 15:15:34
Güncelleme
2025-11-06 22:20:36
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-284 Webmin HIGH Webmin 2025

Referanslar

http://www.webmin.com/ https://github.com/bugdotexe/Vulnerability-Research/tree/main/CVE-2025-61541 https://github.com/webmin/webmin