CVE-2025-4295

Medium

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects…

TR-CERT·CWE-297·Published 2025-07-22

CVSS

4.6

EPSS

0.00

KEV

Exploits

Tags:exclusively-hosted-service

cve.orgen

162 chars

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025.

NVDen

162 chars

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025.

La vulnerabilidad de validación incorrecta del certificado con falta de coincidencia de host en HotelRunner B2B permite la división de la respuesta HTTP. Este problema afecta a B2B: antes del 04.06.2025.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.6	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
3.1	Secondary	NVD	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N