CVE-2025-47424
EUVD-2025-14198
09.05.2025, 23:15
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| retool | retool | 3.18.1 ≤ 𝑥 ≤ 3.18.23 | CNA |
| retool | retool | 3.20.1 ≤ 𝑥 ≤ 3.20.18 | CNA |
| retool | retool | 3.22.1 ≤ 𝑥 ≤ 3.22.21 | CNA |
| retool | retool | 3.24.1 ≤ 𝑥 ≤ 3.24.22 | CNA |
| retool | retool | 3.26.4 ≤ 𝑥 ≤ 3.26.14 | CNA |
| retool | retool | 3.28.3 ≤ 𝑥 ≤ 3.28.15 | CNA |
| retool | retool | 3.30.1 ≤ 𝑥 ≤ 3.30.15 | CNA |
| retool | retool | 3.32.1 ≤ 𝑥 ≤ 3.32.12 | CNA |
Common Weakness Enumeration