High severity7.1NVD Advisory· Published May 9, 2025· Updated Apr 15, 2026
CVE-2025-47424
CVE-2025-47424
Description
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <3.196.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.