cbcvebase.
CVE-2025-30190
published 2025-11-27

CVE-2025-30190: Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users…

PriorityP426medium5.4CVSS 3.1
AVNACLPRNUIRSUCLILAN
EPSS
0.15%
5.0th percentile
Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known

Affected

1 ranges
VendorProductVersion rangeFixed in
open-xchange_gmbhox_app_suite<= 8.35.1513817
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.