CVE-2025-29993
📋 TL;DR
PowerCMS versions before 6.6.1, 5.2.8, and 4.5.9 contain an HTTP header injection vulnerability (CWE-74) that allows attackers to manipulate email content, particularly password reset URLs. This could enable phishing attacks or account takeover by redirecting users to malicious sites. Organizations using vulnerable PowerCMS installations for email notifications are affected.
💻 Affected Systems
- PowerCMS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect password reset emails to malicious sites, leading to credential theft, account compromise, and potential lateral movement within the organization.
Likely Case
Targeted phishing attacks where users receive legitimate-looking password reset emails that redirect to attacker-controlled sites for credential harvesting.
If Mitigated
Limited impact with proper email security controls, user awareness training, and monitoring for suspicious password reset activities.
🎯 Exploit Status
Exploitation requires ability to inject HTTP headers, likely through authenticated access or other injection vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PowerCMS 6.6.1, 5.2.8, or 4.5.9
Vendor Advisory: https://www.powercms.jp/news/release-powercms-661-528-459.html
Restart Required: Yes
Instructions:
1. Backup your PowerCMS installation and database.
2. Download the patched version from the official PowerCMS website.
3. Replace the vulnerable files with the patched version.
4. Restart your web server.
5. Verify the update was successful.
🔧 Temporary Workarounds
Disable Password Reset Emails
Temporarily disable automated password reset email functionality in PowerCMS
Modify PowerCMS configuration to disable password reset emails
Implement Email Header Validation
Add input validation for email headers in PowerCMS configuration
Configure PowerCMS to validate and sanitize all email header inputs
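The two checks the workaround above asks for, written out as an added Python example for this page. It is not PowerCMS code (PowerCMS itself is Perl-based) and the page does not say which header is injected, so the example treats every header-derived value as untrusted: it rejects CR/LF and other control bytes in any value placed on a header line, and it builds the password reset link from a configured base URL rather than from the request. SITE_BASE_URL, the function names and the sample addresses are assumptions.

```python
"""Added example, not PowerCMS code: reject line breaks in e-mail header values
and build the password-reset link from configuration rather than the request.
All names here (SITE_BASE_URL, the functions) are assumptions for this page."""
from typing import Optional
from urllib.parse import quote, urlsplit

# Constructed configuration value: the site's canonical public URL, fixed in
# configuration so that no request header can change where reset links point.
SITE_BASE_URL = "https://cms.example.invalid"


class HeaderInjectionError(ValueError):
    """A value destined for a header line contained CR, LF, NUL or another control byte."""


def validate_header_value(name: str, value: str) -> str:
    """Return value unchanged if it can sit safely on one header line.

    CWE-74 header injection smuggles CR/LF into a header value so the remainder
    is parsed as further headers (or as the message body).  Rejecting the bytes
    is simpler and safer than trying to strip them.
    """
    for ch in value:
        if ch in "\r\n\0" or (ord(ch) < 0x20 and ch != "\t"):
            raise HeaderInjectionError(f"control character in header {name!r}")
    return value


def build_reset_url(token: str, request_host: Optional[str] = None) -> str:
    """Build the reset link from SITE_BASE_URL only.

    request_host, if given, is compared with the configured host and rejected on
    mismatch; it is never used to construct the link, so a forged Host header
    cannot redirect the reset link to another origin.
    """
    configured_host = urlsplit(SITE_BASE_URL).netloc
    if request_host is not None and request_host.lower() != configured_host.lower():
        raise ValueError(f"host {request_host!r} does not match configured {configured_host!r}")
    return f"{SITE_BASE_URL}/password/reset?token={quote(token, safe='')}"


def render_reset_message(to_addr: str, token: str, request_host: Optional[str] = None) -> str:
    """Assemble a minimal RFC 5322 message; every header value passes validation first."""
    headers = {
        "To": validate_header_value("To", to_addr),
        "From": validate_header_value("From", "noreply@cms.example.invalid"),
        "Subject": validate_header_value("Subject", "Password reset request"),
    }
    head = "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    body = "Use this link to reset your password:\r\n" + build_reset_url(token, request_host) + "\r\n"
    return head + "\r\n" + body


if __name__ == "__main__":
    print(render_reset_message("user@example.invalid", "tok123", "cms.example.invalid"))
```

The validation has to run server-side, at the point where the application assembles the message, because the mail transport will happily accept whatever header lines it is handed. Pinning the reset link to a configured origin is the part that removes the redirection risk the TL;DR describes: even if a request header is altered, the link in the email still points at the site's own host.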
🧯 If You Can't Patch
- Implement network segmentation to isolate PowerCMS instances from critical systems
- Enable detailed logging of all password reset attempts and email sending activities
🔍 How to Verify
Check if Vulnerable:
Check PowerCMS version in admin panel or by examining version files in installation directory
Check Version:
Check PowerCMS admin dashboard or examine /path/to/powercms/version.txt file
Verify Fix Applied:
Verify the version number shown in the admin panel is 6.6.1 or later on the 6.x branch, 5.2.8 or later on the 5.x branch, or 4.5.9 or later on the 4.x branch
📡 Detection & Monitoring
Log Indicators:
- Unusual email sending patterns
- Multiple password reset requests from single IP
- Modified email headers in logs
Network Indicators:
- Unexpected outbound email traffic patterns
- Connections to suspicious domains from email links
SIEM Query:
source="powercms_logs" AND (event="password_reset" OR event="email_sent") | stats count by src_ip, user
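The query above and the log indicators listed before it, run offline over constructed log lines as an added Python example for this page. The key=value layout, the field names (event, src_ip, user, host) and the sample addresses are assumptions chosen for the example; PowerCMS's real log format is not shown on this page. The block reproduces the query's filter-and-count, then adds the two indicator checks a defender would actually alert on: a burst of reset requests from one source IP, and reset events whose logged host differs from the site's configured host.

```python
"""Added example, not PowerCMS code: the page's SIEM query and log indicators
applied to constructed key=value log lines.  Field names are assumptions."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample log lines; the layout and values are made up for this example.
SAMPLE_LOGS = """\
2025-04-01T10:00:01Z event=password_reset src_ip=198.51.100.7 user=alice host=cms.example.invalid
2025-04-01T10:00:03Z event=password_reset src_ip=198.51.100.7 user=bob host=cms.example.invalid
2025-04-01T10:00:04Z event=email_sent src_ip=198.51.100.7 user=bob host=cms.example.invalid
2025-04-01T10:00:09Z event=password_reset src_ip=198.51.100.7 user=carol host=cms.example.invalid
2025-04-01T10:02:00Z event=password_reset src_ip=203.0.113.5 user=dave host=cms.example.invalid
2025-04-01T10:02:05Z event=password_reset src_ip=198.51.100.7 user=erin host=not-our-site.invalid
2025-04-01T10:03:00Z event=login src_ip=203.0.113.5 user=dave host=cms.example.invalid
"""

EXPECTED_HOST = "cms.example.invalid"          # assumed: the site's configured public host
QUERY_EVENTS = {"password_reset", "email_sent"}  # the two events the page's query selects
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_lines(text: str) -> List[Dict[str, str]]:
    """Turn key=value log lines into dicts; the leading timestamp is kept under 'ts'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(FIELD_RE.findall(line))
        rec["ts"] = line.split(" ", 1)[0]
        records.append(rec)
    return records


def count_by_src_ip_user(records: List[Dict[str, str]]) -> Dict[Tuple[str, str], int]:
    """Same result as the page's query: keep the two events, count by (src_ip, user)."""
    return dict(Counter((r["src_ip"], r["user"]) for r in records if r.get("event") in QUERY_EVENTS))


def reset_bursts(records: List[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Source IPs with at least `threshold` password_reset events ("multiple requests from single IP")."""
    per_ip = Counter(r["src_ip"] for r in records if r.get("event") == "password_reset")
    return {ip: n for ip, n in per_ip.items() if n >= threshold}


def host_mismatches(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Reset events whose logged host is not the configured one: the signal that the
    reset link may have been built from a manipulated header (assumed 'host' field)."""
    return [r for r in records if r.get("event") == "password_reset" and r.get("host") != EXPECTED_HOST]


if __name__ == "__main__":
    recs = parse_lines(SAMPLE_LOGS)
    for (ip, user), n in sorted(count_by_src_ip_user(recs).items()):
        print(f"{ip:15} {user:8} {n}")
    print("reset bursts:", reset_bursts(recs))
    print("host mismatches:", [(r["ts"], r["user"], r["host"]) for r in host_mismatches(recs)])
```

The threshold in reset_bursts is a tuning knob, not a fact from the page: pick it from a baseline of normal reset volume per source before alerting on it. The host check only works if the application logs the host it used when building the reset link, which is worth confirming before relying on this indicator.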