Open Redirect in Drawing-captcha Drawing-captcha-app
CVE-2025-62428
Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in…
Vulnerability class: Open Redirect
EPSS: 0.004 (33.1th percentile)
Affected products
- Drawing-captcha Drawing-captcha-app — versions < 1.2.5-alpha-patch
Weakness classification (CWE)