CVE-2025-64101 | Zitadel up to 2.71.17/3.4.2/4.5.x HTTP Header Forwarded/X-Forwarded-Host redirect (GHSA-mwmh-7px9-4c23)
A vulnerability classified as problematic has been found in Zitadel up to 2.71.17/3.4.2/4.5.x. It affects an unknown function of the component HTTP Header Handler. Manipulating the argument Forwarded/X-Forwarded-Host results in an open redirect.
This vulnerability is identified as CVE-2025-64101. The attack can be initiated remotely. No exploit is available.
It is advisable to upgrade the affected component.