HTTP Header Injection Vulnerability in PowerCMS by PowerCMS Inc.
CVE-2025-29993
5.3 MEDIUM
What is CVE-2025-29993?
PowerCMS versions prior to the latest release are susceptible to HTTP header injection, which can be exploited to manipulate the content of emails sent by the application. This flaw allows malicious actors to craft a tampered URL, potentially executing unintended actions such as generating password reset emails that direct users to malicious locations. Prompt patching is recommended to mitigate the associated risks.

Affected Version(s)
PowerCMS 4.x series 4.58 and earlier
PowerCMS 5.x series 5.27 and earlier
PowerCMS 6.x series 6.6 and earlier
CVSS V3.0
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
