MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-61541

🔴 HIGH

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email...

Published
Oct 16, 2025
Last Modified
Oct 21, 2025
Views
2
Bookmarks
0

Description

Request Expert Review

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header to inject a malicious domain into the reset email. If a victim follows the poisoned link, the attacker can intercept the reset token and gain full control of the target account.

Affected Products (1)

webmin - webmin

Version: 2.510

CVSS Scores

CVSS 3.1 7.1
7.1
HIGH
CVSS 2.0 7.1

References

www.webmin.com github.com github.com

Additional Information

Source
cve@mitre.org
State
Undergoing analysis

Related CVEs

CVE-2025-62689

HIGH

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master bra...

Score: 7.5

CVE-2025-59777

HIGH

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master bra...

Score: 7.5

CVE-2025-12932

MEDIUM

A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=...

Score: 4.7

CVE-2025-12931

MEDIUM

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/...

Score: 6.3

CVE-2025-12613

HIGH

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing...

Score: 8.6

CVE-2025-12930

MEDIUM

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulat...

Score: 6.3

Share CVE-2025-61541

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-61541 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis