Unrated severity · NVD Advisory · Published Mar 31, 2025 · Updated Mar 31, 2025
Improper Neutralization of Special Elements vulnerability in EJBCA
CVE-2025-3026
Description
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. It has not been tested in higher versions. By modifying the 'Host' header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker who succeeds in exploiting it could insert their own server as the destination for the client's HTTP requests.
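The pattern described above, shown next to a hardened form, as an added example that is not EJBCA code: links built from the request's Host header versus links built from a configured base URL after an allowlist check. The host names, `CANONICAL_BASE_URL`, `ALLOWED_HOSTS` and all function names are assumptions made for illustration.

```python
# Assumed deployment settings (hypothetical values, not taken from EJBCA).
CANONICAL_BASE_URL = "https://ca.example.test"
ALLOWED_HOSTS = {"ca.example.test", "ca.example.test:443"}


def link_from_host_header(headers, path):
    """Weak pattern: the base URL is whatever the client sent as Host."""
    return "https://" + headers.get("Host", "") + path


def host_is_allowed(host_header):
    """Accept only an exact, case-insensitive match against the allowlist."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    # Reject values carrying userinfo, a path, a query, whitespace or CR/LF.
    if any(c in host for c in "@/\\?# \t\r\n"):
        return False
    return host in ALLOWED_HOSTS


def link_from_config(headers, path):
    """Hardened pattern: reject unknown hosts, build links from configuration."""
    if not host_is_allowed(headers.get("Host")):
        raise ValueError("unexpected Host header")
    if not path.startswith("/") or path.startswith("//"):
        raise ValueError("path must be a single-slash absolute path")
    return CANONICAL_BASE_URL + path


if __name__ == "__main__":
    # Constructed sample requests: one expected host, one unexpected host.
    for host in ("ca.example.test", "other.example.net"):
        headers = {"Host": host}
        print("reflected:", link_from_host_header(headers, "/enroll"))
        try:
            print("hardened: ", link_from_config(headers, "/enroll"))
        except ValueError as exc:
            print("hardened:  rejected,", exc)
```
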
Affected products
2 · PrimeKey Solutions AB/EJBCA · v5 · Range: 8.0