VYPR

Retool (self-hosted)

by Retool

CVEs (1)

  • CVE-2025-47424HigMay 9, 2025
    risk 0.46cvss 7.1epss 0.00

    Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.