
THREATINT
PUBLISHED

CVE-2025-53373

Natours has a 1 Click Account take over on reset password via Host Header injection



Description

Natours is a Tour Booking API. An attacker can take over any victim account by injecting an attacker-controlled domain in the Host header of a request to the /forgetpassword endpoint. This vulnerability is fixed in commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b.
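The pattern behind this class of bug, as an added illustration that is not Natours code or the project's fix: a reset link whose origin is copied from the client-controlled Host header, next to a hardened version that derives the origin from server configuration and checks the Host header against an allow list. The request shape, function names, reset path and host names are hypothetical.

```javascript
// Added example (not Natours code). Shows why building a password-reset link
// from the request's Host header lets the requester pick where the reset
// token is delivered, and two defensive alternatives.

// Vulnerable pattern: the link origin is whatever the requester sent as Host.
// The victim receives an e-mail whose link, and reset token, point at that host.
function buildResetUrlFromHost(req, token) {
  // Hypothetical request shape: { protocol, headers: { host } }
  return `${req.protocol}://${req.headers.host}/resetPassword/${token}`;
}

// Hardened pattern: the origin comes only from server-side configuration.
// The request is never consulted for the host.
function buildResetUrlFromConfig(baseUrl, token) {
  const base = new URL(baseUrl); // throws early on malformed configuration
  return new URL(`/resetPassword/${encodeURIComponent(token)}`, base).toString();
}

// Defence in depth: reject any request whose Host header is not one this
// deployment actually serves, before it reaches the reset logic. Entries in
// allowedHosts must include a port when a non-default one is used.
function hostAllowed(hostHeader, allowedHosts) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return false;
  return allowedHosts.includes(hostHeader.trim().toLowerCase());
}

// Constructed sample request with a forged Host header (hypothetical host names).
const forgedReq = { protocol: 'https', headers: { host: 'forged.example' } };
const token = 'tok123'; // placeholder; real tokens are long random values

console.log('vulnerable :', buildResetUrlFromHost(forgedReq, token));
console.log('hardened   :', buildResetUrlFromConfig('https://natours.example', token));
console.log('host check :', hostAllowed(forgedReq.headers.host, ['natours.example']));
```

Fixing only the URL builder is sufficient; the Host allow list is a second, independent control that also protects any other place the header is echoed.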

Reserved 2025-06-27 | Published 2025-07-07 | Updated 2025-07-07 | Assigner GitHub_M


HIGH: 8.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-640: Weak Password Recovery Mechanism for Forgotten Password

Product status

Versions before commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b: affected

References

github.com/...atours/security/advisories/GHSA-8gmw-7p75-58qv

github.com/...ommit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b

cve.org (CVE-2025-53373)

nvd.nist.gov (CVE-2025-53373)

https://cve.threatint.eu/CVE/CVE-2025-53373