CVE-2025-24388
published 2025-06-16

Priority: P4 | 13 | low | 3.8 | CVSS 3.1
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.24% (14.7th percentile)

A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allows parameter injection due to for an authenticated agent or admin user.

This issue affects:

* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.X
* ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition are also very likely to be affected.

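Affected (6 ranges)

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| otrs_ag | community_edition | | |
| otrs_ag | otrs | | |
| otrs_ag | otrs | | |
| otrs_ag | otrs | | |
| otrs_ag | otrs | | |
| otrs_ag | otrs | 2025.x – 2025.5.1 | |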