MEDIUM · 5.3

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.

CVSS Score

5.3 (MEDIUM)

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-29993?

CVE-2025-29993 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.

How severe is CVE-2025-29993?

CVE-2025-29993 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2025-29993?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.