Skip to main content

CVE-2025-40710

| EUVDEUVD-2025-19527 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2025-06-30 cve-coordination@incibe.es
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 01:25 euvd
EUVD-2025-19527
Analysis Generated
Mar 16, 2026 - 01:25 vuln.today
CVE Published
Jun 30, 2025 - 11:15 nvd
LOW 2.3

DescriptionCVE.org

Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests.

Analysis

Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests.

Technical ContextAI

An open redirect vulnerability allows attackers to redirect users from a trusted domain to an arbitrary external URL through manipulation of redirect parameters.

RemediationAI

Validate redirect URLs against a whitelist of allowed destinations. Use relative URLs for redirects. Warn users before redirecting to external sites.

Share

CVE-2025-40710 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy