VYPR
High severity8.1NVD Advisory· Published Feb 28, 2025· Updated Jun 17, 2026

CVE-2025-25477

CVE-2025-25477

Description

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Syspass/Syspasscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 3.2x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.