CVE-2025-27632

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27632
A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch
Configurations

No configuration.

History

No history.

Information

Published : 2025-03-25 13:15

Updated : 2025-10-24 13:15

NVD link : CVE-2025-27632

Mitre link : CVE-2025-27632

CVE.ORG link : CVE-2025-27632

JSON object : View

Products Affected

No product.

CWE
CWE-644

Improper Neutralization of HTTP Headers for Scripting Syntax