1. Home
  2. CVE Database
  3. CVE-2025-63828
MEDIUM · 6.1

CVE-2025-63828

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hi...

Vulnerability Description

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
BackdropcmsBackdrop Cms1.32.1

Related Weaknesses (CWE)

CWE-601

References

FAQ

What is CVE-2025-63828?

CVE-2025-63828 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hi...

How severe is CVE-2025-63828?

CVE-2025-63828 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63828?

Check the references section above for vendor advisories and patch information. Affected products include: Backdropcms Backdrop Cms.