CVE-2025-61541 | Webmin 2.510 Header forgot_send.cgi get_webmin_email_url Host password recovery

A vulnerability identified as problematic has been detected in Webmin 2.510. Affected by this issue is the function get_webmin_email_url of the file forgot_send.cgi of the component Header Handler. This manipulation of the argument Host causes weak password recovery.

This vulnerability appears as CVE-2025-61541. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More