CVE-2025-62428

216.73.216.6

· Published 16/10/2025 19:15 · Modified 16/10/2025 19:15

Labels: CVE-2025-62428 2025-10-16 CVE-2025-62428 CWE-601 [email protected]

Essential information

Published: 16/10/2025 19:15
Modified: 16/10/2025 19:15
Author: —
Creator: —
CVSS: 8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to generate malicious email confirmation links. These links can redirect users to attacker-controlled domains. This vulnerability affects all users relying on email confirmation for account registration or verification. This vulnerability is fixed in 1.2.5-alpha-patch.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
drawing-captcha / drawing-captcha app	`cpe:2.3:a:drawing-captcha:drawing-captcha_app::::::::`
drawing-captcha / drawing-captcha app	`cpe:2.3:a:drawing-captcha:drawing-captcha_app:1.2.5-alpha-patch:::::::*`