Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
AnalysisAI
A security vulnerability in fblog through 983bede (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.
Technical ContextAI
Vulnerability type not specified by vendor. CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects fblog through 983bede.
RemediationAI
Monitor vendor channels for patch availability.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20237