How to fix CVE-2025-53373?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

CVE-2025-53373

EUVD-2025-20280 HIGH

2025-07-07 [email protected]

8.9

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 03:37 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 03:37 euvd

EUVD-2025-20280

CVE Published

Jul 07, 2025 - 16:15 nvd

HIGH 8.9

Description

Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b.

Analysis

A security vulnerability in Natours (CVSS 8.9). High severity vulnerability requiring prompt remediation.

Technical Context

Vulnerability type not specified by vendor. CVSS 8.9 indicates high severity. Affects Natours.

Affected Products

['Natours']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2025-53373 vulnerability details – vuln.today

Back

CVE-2025-53373

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-53373

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code