VYPR
High severity 7.1 · NVD Advisory · Published Oct 23, 2025 · Updated Apr 15, 2026

CVE-2025-61132

Description

A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
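
The pattern described above, shown as a framework-independent model. This is an added example, not braindump's or Flask's code: it uses the standard library's `wsgiref` to rebuild the external URL from the request, and the host names, `/reset/<token>` route and function names are assumptions.

```python
from urllib.parse import quote
from wsgiref.util import application_uri

# Assumed deployment values (hypothetical, not taken from the advisory).
CANONICAL_BASE = "https://braindump.example"
ALLOWED_HOSTS = {"braindump.example"}


def make_environ(host_header):
    """Constructed WSGI environ for a reset request; Host is client-supplied."""
    return {
        "REQUEST_METHOD": "POST",
        "wsgi.url_scheme": "https",
        "SERVER_NAME": "127.0.0.1",   # socket-level name, not the public one
        "SERVER_PORT": "443",
        "SCRIPT_NAME": "",
        "PATH_INFO": "/reset",        # hypothetical route
        "HTTP_HOST": host_header,
    }


def reset_link_from_request(environ, token):
    """Vulnerable pattern: the link's origin is rebuilt from the Host header."""
    return application_uri(environ) + "reset/" + quote(token, safe="")


def reset_link_fixed_origin(environ, token):
    """Hardened pattern: reject unknown hosts, build from configured origin."""
    host = environ.get("HTTP_HOST", "").lower().partition(":")[0]
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host!r}")
    return f"{CANONICAL_BASE}/reset/{quote(token, safe='')}"


if __name__ == "__main__":
    token = "tok123"  # constructed sample token
    for host in ("braindump.example", "attacker.example"):
        env = make_environ(host)
        print("from request:", reset_link_from_request(env, token))
        try:
            print("fixed origin:", reset_link_fixed_origin(env, token))
        except ValueError as exc:
            print("rejected:", exc)
```

In a Flask deployment, the fixed `SERVER_NAME` named in the description plays the role of `CANONICAL_BASE` here; the host allowlist is an additional check at the application or reverse-proxy layer.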

Affected products

  • Levlaz/Braindump (2 versions)
    • (no CPE)
    • (no CPE), range: = 0.4.14
