CVE-2025-4295

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4295
Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting.This issue affects B2B: before 04.06.2025.

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.usom.gov.tr/bildirim/tr-25-0169
Configurations

No configuration.

History

25 Jul 2025, 15:29

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de validaciĆ³n incorrecta del certificado con falta de coincidencia de host en HotelRunner B2B permite la divisiĆ³n de la respuesta HTTP. Este problema afecta a B2B: antes del 04.06.2025.

22 Jul 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-22 14:15

Updated : 2025-07-25 15:29

NVD link : CVE-2025-4295

Mitre link : CVE-2025-4295

CVE.ORG link : CVE-2025-4295

JSON object : View

Products Affected

No product.

CWE
CWE-297

Improper Validation of Certificate with Host Mismatch