CVE-2025-24389: Log File Information Exposure in AG Community Edition

Severity
6.3 MEDIUM (NVD)
EPSS
0.0%
top 87.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 27

Description

Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails sent to the system administrator. This issue affects:

* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition are also very likely to be affected.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.0 | Impact: 5.2

Affected Packages: 2 packages

CVEListV5 | otrs_ag/community_edition | 6.0.x | 6.0.34
CVEListV5 | otrs_ag/otrs | 4 versions | +3

Vulnerability Details (2)
GHSA
GHSA-mvq2-cppv-f4gq: Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails sent to t (2025-01-27)
CVEList
SMTP Password will be shown in cleartext on some SMTP errors (2025-01-27)