CVE-2025-29993

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Productos afectados

Alfasado Inc. · PowerCMS 4.x series Alfasado Inc. · PowerCMS 5.x series Alfasado Inc. · PowerCMS 6.x series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jvn.jp/en/jp/JVN39026557/https://www.powercms.jp/news/release-powercms-661-528-459.html