CVE-2025-61543 | CraftMyCMS 4.0.2.2 HTTP Header Host password recovery

October 16, 2025 Yanac

A vulnerability marked as problematic has been reported in CraftMyCMS 4.0.2.2. This vulnerability affects unknown code of the component HTTP Header Handler. Performing manipulation of the argument Host results in weak password recovery.

This vulnerability is known as CVE-2025-61543. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More

CVE-2025-61539 | Ultimate PHP Board 2.2.7 lostpassword.php u_name cross site scripting
CVE-2025-41253 | VMware Spring Cloud Gateway Server Webflux 3.1.x/4.0.x/4.1.x/4.2.x/4.3.x Environment Variable expression language injection