CVE-2025-43931

Published July 7th, 2025

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.

MaxHalford/flask-boilerplate

:rocket: Fully fledged Flask boilerplate code

GitHub

357