CVE-2025-11854 | TID-Lab Aggie 1.0 HTTP Header reset-password.js sendEmail req.headers.host http headers for scripting syntax

A vulnerability identified as problematic has been detected in TID-Lab Aggie 1.0. This impacts the function sendEmail of the file aggie/lib/api/reset-password.js of the component HTTP Header Handler. The manipulation of the argument req.headers.host leads to improper neutralization of http headers for scripting syntax.

This vulnerability is traded as CVE-2025-11854. It is possible to initiate the attack remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11854 | TID-Lab Aggie 1.0 HTTP Header reset-password.js sendEmail req.headers.host http headers for scripting syntax

Post correlati

CVE-2023-52110 | Huawei HarmonyOS 4.0.0 Sensor Module out-of-bounds

CVE-2024-0675 | Lamassu Bitcoin ATM Douro Machine 7.1 Kiosk Mode unusual condition

CVE-2024-35162 | WPFactory Download Plugins and Themes from Dashboard Plugin up to 1.8.5 path traversal

CVE-2024-32683 | Wpmet Wp Ultimate Review Plugin up to 2.2.5 on WordPress authorization