PT-2025-42541 · Unknown · Drawing-Captcha-App

Published: 2025-10-16 · Updated: 2025-10-16 · CVE-2025-62428

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Drawing-Captcha APP versions prior to 1.2.5-alpha-patch

Description: Drawing-Captcha APP is susceptible to a Host Header Injection affecting the /register and /confirm-email API endpoints. An attacker can manipulate the Host header in HTTP requests to create malicious email confirmation links. These links can redirect users to domains controlled by the attacker. This impacts all users who depend on email confirmation for account registration or verification. The vulnerable parameter is the Host header of the HTTP request.

Recommendations: Update to version 1.2.5-alpha-patch or later.
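The following is an added illustration of the flaw class described above and of the fix pattern a defender would apply; it is not code from Drawing-Captcha APP, and the hostnames, the confirmation-link layout and the configuration names are constructed assumptions. The vulnerable function reflects the request's Host header into the confirmation link, so whoever controls that header controls where the emailed link points; the fixed function builds the link from server-side configuration only, and a separate allowlist check rejects requests whose Host is not an expected name.

```python
from urllib.parse import quote, urlsplit, urlunsplit

# Constructed configuration (assumption, not the project's real settings):
# the canonical public origin of the application and the hostnames it serves.
CANONICAL_BASE_URL = "https://captcha.example.com"
TRUSTED_HOSTS = {"captcha.example.com"}


def build_link_vulnerable(headers, token):
    """Vulnerable pattern: the link origin is taken from the request itself.

    A request whose Host header names an attacker-controlled domain yields
    a confirmation link pointing at that domain (the Host Header Injection).
    """
    host = headers.get("Host", "")
    scheme = headers.get("X-Forwarded-Proto", "https")
    return f"{scheme}://{host}/confirm-email?token={quote(token, safe='')}"


def build_link_fixed(token, base_url=CANONICAL_BASE_URL):
    """Fixed pattern: the link origin comes from server-side configuration.

    Nothing in the request can influence scheme or host, so a manipulated
    Host header no longer changes where the emailed link leads.
    """
    parts = urlsplit(base_url)
    query = f"token={quote(token, safe='')}"
    return urlunsplit((parts.scheme, parts.netloc, "/confirm-email", query, ""))


def host_is_trusted(headers, trusted=TRUSTED_HOSTS):
    """Defence in depth: accept only requests whose Host matches an allowlist.

    The port is stripped and the name lowercased before comparison; a Host
    value containing characters that never belong in a host (userinfo,
    path or query delimiters) is rejected outright.
    """
    host = headers.get("Host", "").strip()
    if not host or any(c in host for c in "@/\\?#"):
        return False
    hostname = urlsplit("//" + host).hostname  # handles "host:port" and "[ipv6]:port"
    return hostname is not None and hostname in trusted


if __name__ == "__main__":
    # Constructed request headers: one benign, one with a manipulated Host.
    benign = {"Host": "captcha.example.com"}
    manipulated = {"Host": "attacker.example"}  # constructed attacker-controlled name
    token = "sample-token"  # constructed value

    print("vulnerable, benign Host:     ", build_link_vulnerable(benign, token))
    print("vulnerable, manipulated Host:", build_link_vulnerable(manipulated, token))
    print("fixed, manipulated Host:     ", build_link_fixed(token))
    print("manipulated Host trusted?    ", host_is_trusted(manipulated))
```

Running the script shows the vulnerable builder emitting a link on the manipulated host while the fixed builder always emits the configured origin; the allowlist check provides a second, independent place to reject such requests before any email is sent.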

Exploit · Fix · Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2025-62428
GHSA-5PJ8-FC6G-VV7M

Affected Products

Drawing-Captcha-App