PT-2025-28173 · Hashview · Hashview
Rui Yang +1 · Published 2025-07-07 · Updated 2025-07-07 · CVE-2025-43930
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Hashview version 0.8.1
Description:
The issue allows for account takeover via the password reset feature. This is because SERVER_NAME is not configured, causing the password reset to depend on the Host HTTP header.
Recommendations:
For Hashview version 0.8.1, configure SERVER_NAME to prevent the password reset feature from relying on the Host HTTP header. As a temporary workaround, consider restricting access to the password reset feature until SERVER_NAME is properly configured.
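Added example (not Hashview code and not part of the original advisory): a standard-library Python sketch contrasting a reset link whose origin is taken from the Host header with one whose origin is fixed by configuration, plus a check that flags requests whose Host differs from the configured value. The origin, the /reset_password/ path, the function names and the sample requests are all assumptions constructed for illustration.

```python
from urllib.parse import quote, urlsplit

# Assumed deployment origin; stands in for a configured SERVER_NAME.
CANONICAL_ORIGIN = "https://hashview.example.internal"
RESET_PATH = "/reset_password/"  # hypothetical route, not taken from Hashview

# Constructed sample requests (only the header relevant here).
SAMPLE_REQUESTS = [
    {"Host": "hashview.example.internal"},
    {"Host": "unexpected.example.net"},
]


def reset_link_from_host(headers, token):
    """Weak pattern: the e-mailed link's origin comes from the request."""
    host = headers.get("Host", "")
    return f"https://{host}{RESET_PATH}{quote(token, safe='')}"


def reset_link_from_config(token, origin=CANONICAL_ORIGIN):
    """Hardened pattern: the origin is fixed by configuration, never by the request."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc or parts.path not in ("", "/"):
        raise ValueError("configured origin must be a bare https origin")
    return f"{parts.scheme}://{parts.netloc}{RESET_PATH}{quote(token, safe='')}"


def host_mismatch(headers, origin=CANONICAL_ORIGIN):
    """Check for logging or rejection: True when Host differs from the configured host."""
    expected = urlsplit(origin).netloc.lower()
    return headers.get("Host", "").strip().lower() != expected


def audit(requests, token="tok-123"):
    """Return (host, mismatch flag, weak link, hardened link) per sample request."""
    return [
        (r.get("Host", ""), host_mismatch(r),
         reset_link_from_host(r, token), reset_link_from_config(token))
        for r in requests
    ]


if __name__ == "__main__":
    for row in audit(SAMPLE_REQUESTS):
        print(row)
```

The hardened link is identical for every request, so the e-mailed token always points at the configured origin regardless of what Host value arrives.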
Affected Products
Hashview