CVE-2025-35939 | Craft CMS up to 4.15.2/5.7.4 Response Header session_value external control of assumed-immutable web parameter

SecurityVulns

A vulnerability was found in Craft CMS up to 4.15.2/5.7.4 and has been rated as problematic. It affects unknown functionality of the Response Header Handler component. Manipulating the argument session_value leads to external control of an assumed-immutable web parameter.

This vulnerability is handled as CVE-2025-35939. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.