Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-43932

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

Published

2025-07-07T16:15:23.380

Last Modified

2025-07-08T18:15:28.527

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-640

Affected Vendors & Products

References

https://github.com/guomaoqiu/JobCenter/blob/7e7b0b2f756d66bba7e592a6c8952c78a3573d9c/app/templates/auth/email/reset_password.txt ([email protected])
https://github.com/guomaoqiu/JobCenter/issues/18 ([email protected])