CVE-2025-62428

Vulnerability Description

Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to generate malicious email confirmation links. These links can redirect users to attacker-controlled domains. This vulnerability affects all users relying on email confirmation for account registration or verification. This vulnerability is fixed in 1.2.5-alpha-patch.

Related Weaknesses (CWE)

References

• https://github.com/Drawing-Captcha/Drawing-Captcha-APP/issues/30
• https://github.com/Drawing-Captcha/Drawing-Captcha-APP/security/advisories/GHSA-
• https://github.com/Drawing-Captcha/Drawing-Captcha-APP/issues/30

FAQ

What is CVE-2025-62428?

CVE-2025-62428 is a documented vulnerability. Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an att...

How severe is CVE-2025-62428?

CVSS scoring is not yet available for CVE-2025-62428. Check NVD for updates.

Is there a patch for CVE-2025-62428?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.