ghost123gg
[Security Contact Request] CVE-2025-43933 – Vulnerability Disclosure Coordination
Dear fblog Maintainers,
We have identified a security vulnerability in the password reset functionality of this project and have responsibly reported it to MITRE. A CVE ID has been reserved for tracking purposes:
CVE-2025-43933 – Account takeover via Host header manipulation.
In accordance with best practices for coordinated disclosure, we would like to share technical details with you privately. Could you kindly provide a preferred security contact method (such as an email address or encrypted channel)? Alternatively, you are welcome to reach out to me directly at the address listed below.
We are observing a 45-day disclosure timeline and would be happy to assist with remediation or coordinate the timing of public disclosure if needed.
Looking forward to hearing from you.
Best regards,
Rui Yang
Master’s Student, Security Informatics
Johns Hopkins University
[email protected]
