CVE-2025-7777

Summary

The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

Workarounds

There's currently no available mitigation for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References