7.1
CVE-2025-47424
- EPSS 0.1%
- Veröffentlicht 09.05.2025 23:15:51
- Zuletzt bearbeitet 12.05.2025 17:32:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRetool
≫
Produkt
Retool
Default Statusunaffected
Version <=
3.18.23
Version
3.18.1
Status
affected
Version <=
3.20.18
Version
3.20.1
Status
affected
Version <=
3.22.21
Version
3.22.1
Status
affected
Version <=
3.24.22
Version
3.24.1
Status
affected
Version <=
3.26.14
Version
3.26.4
Status
affected
Version <=
3.28.15
Version
3.28.3
Status
affected
Version <=
3.30.15
Version
3.30.1
Status
affected
Version <=
3.32.12
Version
3.32.1
Status
affected
Version <=
3.33.37-stable
Version
3.33.1-stable
Status
affected
Version <=
3.52.28-stable
Version
3.52.1-stable
Status
affected
Version <=
3.75.25-stable
Version
3.75.1-stable
Status
affected
Version <=
3.114.22-stable
Version
3.114.1-stable
Status
affected
Version <=
3.148.22-stable
Version
3.148.1-stable
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.28 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 7.1 | 1.6 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
|
CWE-348 Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.