CVE-2025-24388
Published 2025-06-16
Priority: P4 / 13 / low / 3.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.24% (14.7th percentile)
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allows parameter injection for an authenticated agent or admin user.

This issue affects:

* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.X
* ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition are also very likely to be affected.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs_ag | community_edition | — | — |
| otrs_ag | otrs | — | — |
| otrs_ag | otrs | — | — |
| otrs_ag | otrs | — | — |
| otrs_ag | otrs | — | — |
| otrs_ag | otrs | 2025.x – 2025.5.1 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.