A vulnerability classified as problematic has been found in jameschz Hush Framework 2.0. The impacted element is an unknown function of the file Hushhush-libhushUtil.php in the HTTP Host Header Handler component. Manipulating the argument $_SERVER['HOST'] causes improper neutralization of HTTP headers for scripting syntax.

This vulnerability is tracked as CVE-2025-13434. The attack can be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.
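
The PHP below is an added example, not code from Hush Framework or from this advisory. It shows one way to handle a client-supplied Host header before it reaches any output: validate it against an allowlist, then encode it for the HTML context. The allowlist, the function names and the sample values are assumptions, and the raw header value is passed in as a parameter, whichever $_SERVER key the application reads.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the hostnames this deployment actually serves.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

/** Return a canonical host[:port] string, or null if the header is unacceptable. */
function canonical_host(?string $raw, array $allowed = ALLOWED_HOSTS): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > 255) {
        return null;
    }
    // Hostname characters plus an optional numeric port; \A and \z anchor the
    // whole string, so CR/LF, quotes, angle brackets and spaces never match.
    $re = '/\A([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::(\d{1,5}))?\z/';
    if (preg_match($re, $raw, $m) !== 1) {
        return null;
    }
    $host = strtolower($m[1]);
    if (!in_array($host, $allowed, true)) {
        return null; // syntactically valid, but not a name we serve
    }
    $port = ($m[2] ?? '') === '' ? null : (int) $m[2];
    if ($port !== null && ($port < 1 || $port > 65535)) {
        return null;
    }
    return $port === null ? $host : $host . ':' . $port;
}

/** Encode for an HTML context even after validation (defence in depth). */
function host_for_html(string $host): string
{
    return htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample header values, not taken from the advisory.
$samples = [
    'www.example.com',
    'WWW.Example.com:8443',
    'example.com"><b>x</b>',
    "example.com\r\nX-Injected: 1",
    'unlisted.test',
];
foreach ($samples as $raw) {
    $host = canonical_host($raw);
    $out  = $host === null ? 'REJECT (respond 400)' : host_for_html($host);
    printf("%-36s => %s\n", json_encode($raw), $out);
}
```

Only the first two samples pass; the others are rejected before any header or markup is built from them.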