Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/06/01 6:35 a.m.9 views

CVE-2025-48936

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

8.8CVSS7.5AI score0.00358EPSS
Exploits0References1
Circl
Circl
added 2025/05/30 8:8 a.m.29 views

CVE-2025-48936

creationtimestamp| type| source ---|---|--- 2025-05-30 08:08:14+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqerkttznse2 2025-05-30 12:15:03+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114596728193306173...

8.8CVSS8.1AI score0.00358EPSS
Exploits0References2
CVE
CVE
added 2025/05/30 6:30 a.m.70 views

CVE-2025-48936

Zitadel( open-source identity infrastructure) contains a header-based password reset vulnerability prior to versions 2.70.12, 2.71.10, and 3.2.2. The password reset link is built using the Forwarded/X-Forwarded-Host header, allowing an attacker to craft a reset URL to a malicious domain via heade...

8.8CVSS8.4AI score0.00358EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/30 6:30 a.m.8 views

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

8.1CVSS8.4AI score0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/30 6:30 a.m.17 views

CVE-2025-48936 ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection

Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

8.1CVSS0.00358EPSS
Exploits0References2
Rows per page
Query Builder