CVE-2025-43926

Published: May 8, 2025

Modified: May 12, 2025

PUBLISHED

Description

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://znuny.com

https://www.znuny.org/en/advisories/zsa-2025-07

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-43926

Description

Affected Products

References