VYPR
High severity8.8NVD Advisory· Published Nov 11, 2021· Updated Jun 17, 2026

CVE-2021-25980

CVE-2021-25980

Description

In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Talkyard/Talkyardllm-create
    Range: v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular
  • debiki/Talkyardcpe-rescue
    Range: v0.04.01

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.