CVE-2025-13434

Name of the Vulnerable Software and Affected Versions jameschz Hush Framework version 2.0

Description A flaw exists in the HTTP Host Header Handler component of jameschz Hush Framework 2.0, specifically within the file Hushhush-libhushUtil.php. Improper neutralization of http headers for scripting syntax occurs due to manipulation of the $ SERVER['HOST'] argument within an unknown function. This issue can be exploited remotely. The exploit has been publicly released.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.