← back
CVE-2025-63828

CVE-2025-63828

CVSS 6.1 MEDIUMEPSS 0.2%CWE-601
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Nov 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →