PT-2025-27434 · Unknown · Hotspot Shield Vpn
Published: 2025-06-30 · Updated: 2025-07-01 · CVE-2025-40710
CVSS v4.0: 2.3 (Low)
Vector: AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
Hotspot Shield VPN client (affected versions not specified)
Description:
The issue concerns a Host Header Injection (HHI) vulnerability, which can cause unexpected behavior when accessing third-party web applications through the VPN tunnel. This vulnerability allows an attacker to forge a Host header, potentially leading to open redirects or the delivery of traffic to infrastructure controlled by the attacker. The vulnerability is related to how the VPN client internally handles outgoing headers and requests, rather than a flaw in the target applications.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Special Elements Injection
Affected Products
Hotspot Shield Vpn