CVE-2025-50340
BaseFortify

Publication date: 2025-08-04

Last updated on: 2025-08-15

Assigner: MITRE

Description
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system. NOTE: this is disputed by the Supplier because the only effective way to prevent this sender spoofing is on the SMTP server, not within a client such as SOGo.
Meta Information
Published: 2025-08-04
Last Modified: 2025-08-15
Generated: 2026-05-27
AI Q&A: 2025-08-04
EPSS Evaluated: 2026-05-25
Source: NVD
Affected Vendors & Products
Showing 2 associated CPEs

Vendor   Product   Version / Range
sogo     webmail   *
sogo     webmail   5.6.0
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-50340 is an Insecure Direct Object Reference (IDOR) vulnerability in SOGo Webmail version 5.6.0. It allows an authenticated user to send emails on behalf of other users by manipulating the 'from' parameter in the email sending request. The server does not verify whether the user is authorized to use the specified sender identity, enabling unauthorized message delivery as another user. This can be exploited to impersonate users, conduct phishing attacks, or perform unauthorized communications within the system. [1]

How can this vulnerability impact me?

This vulnerability can lead to serious impacts such as impersonation of other users, enabling phishing attacks, and unauthorized communication within the system. Attackers can send emails that appear to come from legitimate users, potentially damaging trust, causing information disclosure, or facilitating further attacks on recipients. [1]

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring email sending requests for manipulation of the "from" parameter. One approach is to intercept and inspect HTTP requests sent by authenticated users to the SOGo Webmail server, looking for discrepancies where the "from" field does not match the authenticated user's identity. Tools like Burp Suite can be used to capture and analyze these requests. There are no specific commands provided, but using a proxy tool to intercept and modify requests during email sending attempts is recommended. [1]

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include enforcing strict server-side authorization checks to ensure that users can only send emails from their own authorized email addresses. The system must verify that the authenticated user is the legitimate owner of the sender identity specified in the email sending request before processing it. Until a patch or update is applied, monitoring and restricting access to the email sending functionality may help reduce exploitation risk. [1]