VYPR
Unrated severity · NVD Advisory · Published Mar 31, 2025 · Updated Mar 31, 2025

Improper Neutralization of Special Elements vulnerability in EJBCA

CVE-2025-3026

Description

The vulnerability exists in the EJBCA service, version 8.0 Enterprise; higher versions have not been tested. By modifying the ‘Host’ header of an HTTP request, an attacker can manipulate the links the service generates and thereby redirect the client to a different base URL. An attacker who succeeds in exploiting this could insert their own server as the destination for the client's HTTP requests.

Affected products

2
  • osv-coords
    Range: >= 8.0.0, < 9.1.0
  • PrimeKey Solutions AB/EJBCAv5
    Range: 8.0
