216.73.217.64

CVE-2025-63828

· Published 18/11/2025 18:16 · Modified 24/11/2025 14:02

Labels: CVE-2025-63828 2025-11-18CVE-2025-63828CWE-601[email protected]

Essential information

Published
18/11/2025 18:16
Modified
24/11/2025 14:02
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
backdropcms / backdrop cms cpe:2.3:a:backdropcms:backdrop_cms:1.32.1:*:*:*:*:*:*:*

References