cbcvebase.
CVE-2025-30186
published 2025-11-27

CVE-2025-30186: Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the…

PriorityP428medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
EPSS
0.15%
5.0th percentile
Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known

Affected

1 ranges
VendorProductVersion rangeFixed in
open-xchange_gmbhox_app_suite<= 8.35.107
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.