CVE-2025-4295
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-07-25
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hotelrunner | b2b | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-297 | The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Validation of Certificate with Host Mismatch in HotelRunner B2B software versions before 04.06.2025. It allows HTTP Response Splitting attacks, which occur when an attacker manipulates the HTTP response headers by injecting malicious data, potentially leading to security issues such as web cache poisoning or cross-site scripting.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to perform HTTP Response Splitting attacks, which may lead to information disclosure, manipulation of web content, or other security issues. The CVSS score of 4.6 indicates a medium severity with potential impacts on confidentiality and integrity, but no impact on availability.