CVE-2025-61132

HIGH

levlaz braindump <0.4.14 - Host Header Injection

Title source: llm

Description

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.

References (5)

[Various Sources] https://drive.google.com/file/d/1FmkctLdOTGMdy6GgLaTzfxemdVDeiA7J/view?usp=sharing

[Various Sources] https://gist.github.com/BrookeYangRui/94c3bee0c2cbc1ed81a21d4448550c21

[Various Sources] https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/auth/views.py#L131-L148

View Writeup ZIP pw:eip

[Various Sources] https://github.com/levlaz/braindump/blob/9640dd03f99851dbd34dd6cac98a747a4a591b01/app/templates/auth/email/reset_password.html#L1-L8

[Various Sources] https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning

Scores

CVSS v3 7.1

EPSS 0.0018

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-620

Status published

Published Oct 23, 2025

Tracked Since Feb 18, 2026