CVE-2025-43932
Summary: JobCenter before patch 7e7b0b2 is vulnerable to account takeover via the password reset flow because SERVER_NAME is not configured, making the reset rely on the Host HTTP header. This root cause enables an attacker to abuse the reset mechanism, with CVSS v3.1 metrics indicating high impa...