Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
AnalysisAI
A security vulnerability in JobCenter through 7e7b0b2 (CVSS 9.8) that allows account takeover. Critical severity with potential for significant impact on affected systems.
Technical ContextAI
Vulnerability type not specified by vendor. CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects JobCenter through 7e7b0b2.
RemediationAI
Monitor vendor channels for patch availability.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20239