{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53373", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-27T12:57:16.122Z", "datePublished": "2025-07-07T15:38:42.320Z", "dateUpdated": "2025-07-07T15:47:18.889Z"}, "containers": {"cna": {"title": "Natours has a 1 Click Account take over on reset password via Host Header injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-640", "lang": "en", "description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/ahmed-elgaml11/Natours/security/advisories/GHSA-8gmw-7p75-58qv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ahmed-elgaml11/Natours/security/advisories/GHSA-8gmw-7p75-58qv"}, {"name": "https://github.com/ahmed-elgaml11/Natours/commit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b", "tags": ["x_refsource_MISC"], "url": "https://github.com/ahmed-elgaml11/Natours/commit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b"}], "affected": [{"vendor": "ahmed-elgaml11", "product": "Natours", "versions": [{"version": "< 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-07T15:38:42.320Z"}, "descriptions": [{"lang": "en", "value": "Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b."}], "source": {"advisory": "GHSA-8gmw-7p75-58qv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T15:46:57.776939Z", "id": "CVE-2025-53373", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T15:47:18.889Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53373", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-07T15:46:57.776939Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T15:47:03.487Z"}}], "cna": {"title": "Natours has a 1 Click Account take over on reset password via Host Header injection", "source": {"advisory": "GHSA-8gmw-7p75-58qv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ahmed-elgaml11", "product": "Natours", "versions": [{"status": "affected", "version": "< 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b"}]}], "references": [{"url": "https://github.com/ahmed-elgaml11/Natours/security/advisories/GHSA-8gmw-7p75-58qv", "name": "https://github.com/ahmed-elgaml11/Natours/security/advisories/GHSA-8gmw-7p75-58qv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ahmed-elgaml11/Natours/commit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b", "name": "https://github.com/ahmed-elgaml11/Natours/commit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-640", "description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-07T15:38:42.320Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53373", "state": "PUBLISHED", "dateUpdated": "2025-07-07T15:47:18.889Z", "dateReserved": "2025-06-27T12:57:16.122Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-07T15:38:42.320Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b."}, {"lang": "es", "value": "Natours es una API de reserva de tours. El atacante puede tomar el control f\u00e1cilmente de cualquier cuenta v\u00edctima inyectando un dominio de servidor controlado por el atacante en el encabezado del host al solicitar el endpoint /forgetpassword. Esta vulnerabilidad se corrige con el commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b."}], "id": "CVE-2025-53373", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-07-07T16:15:24.950", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ahmed-elgaml11/Natours/commit/7401793a8d9ed0f0c250c4e0ee2815d685d7a70b"}, {"source": "security-advisories@github.com", "url": "https://github.com/ahmed-elgaml11/Natours/security/advisories/GHSA-8gmw-7p75-58qv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}