PT-2025-13685 · Ejbca · Ejbca

Published: 2025-03-31 · Updated: 2025-10-10 · CVE-2025-3026

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: EJBCA version 8.0 Enterprise

Description: The issue exists in the EJBCA service: modifying the Host header of an HTTP request allows manipulation of the links the service generates, potentially redirecting the client to a different base URL. If successfully exploited, this could let an attacker insert their own server and receive HTTP requests from the client.

Recommendations: For version 8.0 Enterprise, consider restricting modifications to the Host header in HTTP requests as a temporary mitigation measure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
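As an added illustration (not EJBCA's own code) of the link-generation weakness the description refers to and of the recommended mitigation, the following Python shows a function that builds absolute URLs from whatever Host header the client sent beside a hardened version that accepts only hosts on a configured allow-list and otherwise falls back to the canonical base URL; ALLOWED_HOSTS and CANONICAL_BASE are constructed placeholder values, and host_header_alert is a hypothetical detection hook for logging unexpected Host values at the proxy or application tier.

```python
import re

# Constructed for this example: the hostnames this deployment is actually served under,
# and the canonical base URL to use when the request's Host header cannot be trusted.
ALLOWED_HOSTS = {"ca.example.org", "ca.example.org:8443"}
CANONICAL_BASE = "https://ca.example.org:8443"

# Syntactic check only: hostname characters plus an optional port.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(:\d{1,5})?$")


def vulnerable_base_url(headers: dict) -> str:
    """Trusts the Host header when building absolute links.

    A client-controlled Host value therefore ends up in every generated link,
    which is the behaviour the advisory describes.
    """
    return f"https://{headers['Host']}"


def hardened_base_url(headers: dict) -> str:
    """Uses the Host header only if it is well-formed and on the allow-list.

    Anything else falls back to the configured canonical base URL, so a
    tampered Host header cannot change where generated links point.
    """
    host = headers.get("Host", "").lower()
    if _HOST_RE.match(host) and host in ALLOWED_HOSTS:
        return f"https://{host}"
    return CANONICAL_BASE


def host_header_alert(headers: dict) -> bool:
    """Detection hook (hypothetical): True when the Host value is not one the
    deployment expects, which is worth logging rather than silently accepting."""
    return headers.get("Host", "").lower() not in ALLOWED_HOSTS


def build_link(base_url: str, path: str) -> str:
    """Assembles an absolute link from a base URL and an application path."""
    return base_url.rstrip("/") + "/" + path.lstrip("/")
```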

Weakness Enumeration: Special Elements Injection

Related Identifiers

BIT-EJBCA-2025-3026
CVE-2025-3026

Affected Products

Ejbca