cbcvebase.
CVE-2025-59025
published 2025-11-27

CVE-2025-59025: Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of…

PriorityP429medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.17%
6.4th percentile
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known

Affected

1 ranges
VendorProductVersion rangeFixed in
open-xchange_gmbhox_app_suite<= 8.35.110
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.