CVE-2025-27632

A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch

Configurations

No configuration.

History

24 Oct 2025, 13:15

Type	Values Removed	Values Added
CWE	~~CWE-74~~	CWE-644

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de inyección de encabezado de host en la aplicación TRMTracker puede permitir que un atacante, al modificar el valor del encabezado de host en una solicitud HTTP, aproveche múltiples vectores de ataque, incluida la desfiguración del contenido del sitio mediante el envenenamiento de la caché web.

25 Mar 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-25 13:15

Updated : 2025-10-24 13:15

NVD link : CVE-2025-27632

Mitre link : CVE-2025-27632

CVE.ORG link : CVE-2025-27632

JSON object : View

Products Affected

No product.

CWE

CWE-644

Improper Neutralization of HTTP Headers for Scripting Syntax

6.1 /10