PT-2025-28175 · Jobcenter · Jobcenter
Rui Yang
+1
·
Published
2025-07-07
·
Updated
2025-07-07
·
CVE-2025-43932
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
JobCenter versions through 7e7b0b2
Description:
The issue allows for account takeover via the password reset feature. This is because the
SERVER NAME is not configured, causing the password reset to depend on the Host HTTP header.Recommendations:
For versions through 7e7b0b2, configure the
SERVER NAME to prevent the password reset feature from relying on the Host HTTP header. As a temporary workaround, consider restricting access to the password reset feature until the SERVER NAME is properly configured.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jobcenter