CVE-2025-53373 – Natours Host Header Injection Vulnerability

CVE ID : CVE-2025-53373

Published : July 7, 2025, 4:15 p.m. | 59 minutes ago

Description : Natours is a Tour Booking API. The attacker can easily take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the /forgetpassword endpoint. This vulnerability is fixed with commit 7401793a8d9ed0f0c250c4e0ee2815d685d7a70b.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…