CVE-2025-30186
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Open-Xchange
Description
Description
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open-xchange | ox_app_suite | 8.35.108 |
| open-xchange | ox_app_suite | 8.41.60 |
| open-xchange | ox_app_suite | 8.39.84 |
| open-xchange | ox_app_suite | 8.38.90 |
| open-xchange | ox_app_suite | 8.41.61 |
| open-xchange | ox_app_suite | 8.35.107 |
| open-xchange | ox_app_suite | 8.40.68 |
| open-xchange | ox_app_suite | 8.40.69 |
| open-xchange | ox_app_suite | 8.38.89 |
| open-xchange | ox_app_suite | 8.39.83 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves malicious content being uploaded as a file, which can then be used to execute script code when users follow attacker-controlled links. This can lead to unintended actions being performed in the context of the user's account.
How can this vulnerability impact me? :
The vulnerability can result in unauthorized actions executed under the user's account, including the exfiltration of sensitive information, potentially compromising user data and security.
What immediate steps should I take to mitigate this vulnerability?
Deploy the provided updates and patch releases as recommended to mitigate this vulnerability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70