CNNVD-202511-2005 Information

CNNVD ID

CNNVD-202511-2005

CVE-2025-63828

  • CNNVD Published: 2025-11-18

Description (Chinese)

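Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. Backdrop CMS version 1.32.1 contains a security vulnerability that stems from improper handling of the Host header in password reset requests, which may lead to redirection to a malicious domain and session hijacking.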

Description (English)

Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. Backdrop CMS 1.32.1 has a security vulnerability that stems from mishandling of the Host header in password reset requests, which may lead to redirection to malicious domains and session hijacking.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Backdrop CMS

Published

2025-11-18

Last Modified

2026-02-24

References

  • https://github.com/mertdurum06/BackdropCms-1.32.1/
  • https://github.com/mertdurum06/BackdropCms-1.32.1/blob/main/backdropcms_exploit.txt
  • https://access.redhat.com/security/cve/cve-2025-63828
