Moderate severity · NVD Advisory · Published Nov 18, 2025 · Updated Nov 19, 2025
CVE-2025-63828
Description
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| backdrop/backdrop (Packagist) | <= 1.32.0 | — |
Affected products
- Backdrop CMS/Backdrop CMS