CVE-2025-23001

Name of the Vulnerable Software and Affected Versions CTFd version 3.7.5

Description A Host Header Injection issue exists due to the application's failure to properly validate or sanitize the Host header. This allows an attacker to manipulate the Host header in HTTP requests, potentially leading to phishing attacks, password reset, or cache poisoning.

Recommendations For CTFd version 3.7.5, as a temporary workaround, consider implementing proper validation and sanitization of the Host header to prevent manipulation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.