CVE-2025-22381

HIGH

Aggie 2.6.1 - Open Redirect

Title source: llm

Description

Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password.

Exploits (1)

nomisec WRITEUP 1 stars
by pescada-dev · poc
https://github.com/pescada-dev/CVE-2025-22381

References (3)

Scores

CVSS v3 8.2
EPSS 0.0003
EPSS Percentile 7.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Details

CWE
CWE-620
Status published
Published Oct 16, 2025
Tracked Since Feb 18, 2026