CVE-2025-48993
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-04
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intermesh | group-office | Up to 6.8.123 (exc) |
| intermesh | group-office | From 25.0.1 (inc) to 25.0.27 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48993 is a reflected Cross-Site Scripting (XSS) vulnerability in the Group-Office application. It occurs because the application allows users to update their 'Look and Feel' formatting input fields without properly sanitizing the input. This lack of input validation enables attackers to inject malicious JavaScript code that executes when the input is rendered, potentially affecting any user who views the malicious input. The vulnerability was fixed by encoding the output to prevent script execution. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to the execution of malicious JavaScript in the context of the affected application, which may result in session hijacking, phishing attacks, and the exfiltration of sensitive user data. Attackers can exploit this to steal user credentials or perform unauthorized actions on behalf of the user. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to inject a JavaScript payload into the 'Look and Feel' formatting input fields of the GroupOffice application and observing whether the script executes. For example, log in, navigate to 'My account' > 'Look and feel', and enter a payload such as `<img src=0 onerror=alert(1)>` into the 'List separator' field. If the alert executes upon saving or rendering, the system is vulnerable. No specific network commands are provided, but manual testing through the web interface is effective. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the GroupOffice application to a patched release: version 6.8.123 or later on the 6.8 branch, or version 25.0.27 or later on the 25.0 branch. The patch encodes user input from the 'Look and Feel' formatting fields on output so that injected scripts cannot execute. Until the upgrade, restrict user access to the 'Look and Feel' formatting fields if possible, and educate users about the risks of injecting scripts. [1, 2, 3]
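The fix described above (and the root cause in the first answer) is output encoding of user-controlled preference values. The following added example is not Group-Office code; it uses a constructed preference object carrying the page's test payload and contrasts an unencoded render of the 'List separator' field with an HTML-encoded one, using illustrative function names.

```javascript
// Added example (not Group-Office code): the 'Look and Feel' preference
// fields, such as 'List separator', are user-controlled values that end up
// in the rendered page. The fix for CVE-2025-48993 is to HTML-encode them
// on output; this shows the unsafe and the encoded render side by side.

// Constructed sample preference object; the value is the page's test payload.
const SAMPLE_PREFS = {
  listSeparator: '<img src=0 onerror=alert(1)>',
  dateFormat: 'd-m-Y',
};

// Minimal HTML entity encoder for text placed between tags or inside
// double-quoted attribute values. Ampersand must be encoded first so that
// the entities produced afterwards are not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// 'Before' pattern (illustrative): preference value concatenated straight
// into markup, so a stored '<img ... onerror=...>' becomes a live element.
function renderUnsafe(prefs) {
  return `<div class="pref">List separator: ${prefs.listSeparator}</div>`;
}

// 'After' pattern: every user-controlled value is encoded for its HTML
// context, so the same payload is shown as inert text.
function renderSafe(prefs) {
  return `<div class="pref">List separator: ${escapeHtml(prefs.listSeparator)}</div>`;
}

// Regression-style check a defender can keep in a test suite: the encoded
// render must never contain the raw payload, only its entity form.
function payloadIsInert(prefs) {
  const html = renderSafe(prefs);
  return !html.includes(prefs.listSeparator) &&
    html.includes(escapeHtml(prefs.listSeparator));
}
```

`renderUnsafe` exists only to show the pattern being replaced; a browser would execute the `onerror` handler from its output, while `renderSafe` displays the payload text verbatim and harmlessly.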