CVE-2025-59025
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Open-Xchange
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open-xchange | open-xchange | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves malicious e-mail content that can execute script code within the context of the user's account. This means that unintended actions, such as running scripts, can be performed without the user's intention. The issue arises because the sanitization process was bypassed, allowing harmful scripts to run. The sanitization has since been updated to prevent such bypasses.
How can this vulnerability impact me? :
The vulnerability can lead to unintended actions being executed in the context of the user's account, including the exfiltration of sensitive information. This means attackers could potentially steal personal or confidential data by exploiting this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate steps include ensuring that your e-mail system is updated with the latest patches that include the updated sanitization to prevent script code execution from malicious e-mail content. Additionally, educate users to be cautious with e-mails containing scripts or suspicious content and consider implementing e-mail filtering solutions to block potentially malicious content.