CVE-2025-24391: Observable Discrepancy in AG Otrs

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 79.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 14

Description

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects:

* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.X

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (1 package)

CVEListV5 | otrs_ag/otrs | 2025.x | 2025.5.x | +4

Vulnerability Details (2)

GHSA (2025-07-14): GHSA-fhjw-qvv3-45m7: A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response
CVEList (2025-07-14): Possible user enumeration