CVE-2025-25191

Published: Mar 6, 2025

Modified: Mar 6, 2025

PUBLISHED

Description

Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.

Vendor	Product	Versions
Intermesh	groupoffice	affected `< 6.8.100`

Weaknesses (CWE)

CWE-79

References

https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf

x_refsource_CONFIRM

https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-25191

Description

Affected Products

Weaknesses (CWE)

References