5 matches found
CVE-2025-48936
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
CVE-2025-48936
creationtimestamp| type| source ---|---|--- 2025-05-30 08:08:14+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqerkttznse2 2025-05-30 12:15:03+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114596728193306173...
CVE-2025-48936
Zitadel( open-source identity infrastructure) contains a header-based password reset vulnerability prior to versions 2.70.12, 2.71.10, and 3.2.2. The password reset link is built using the Forwarded/X-Forwarded-Host header, allowing an attacker to craft a reset URL to a malicious domain via heade...
CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...