CVE-2025-29993 Information

Description

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL such as password reset mail.

Reference

https://jvn.jp/en/jp/JVN39026557/ https://www.powercms.jp/news/release-powercms-661-528-459.html