CVE-2025-27913

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 10, 2025
Updated: Mar 11, 2025
CWE ID 348

Summary

CVE-2025-27913 is a vulnerability affecting the Passbolt API prior to version 5. If the server is misconfigured because the installation process was not followed correctly and the Health Check results were ignored, an attacker can manipulate the HTTP Host header so that the Passbolt server sends email messages using a domain name of the attacker's choice. This poses a significant security risk, as it allows an attacker to impersonate the Passbolt server and potentially gain unauthorized access to user accounts or sensitive data. Passbolt users should ensure their API is properly installed and configured to mitigate this vulnerability.
