QwikSec

Security Database

CVE

CWE

Training

CVE-2025-5323

Published: May 29, 2025

Modified: May 29, 2025

PUBLISHED

CVSS v3.1

3.7

LOW

Description

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor	Product	Versions
fossasia	open-event-server	affected `1.19.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

VDB-310493 | fossasia open-event-server Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking

vdb-entry

technical-description

VDB-310493 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #580256 | open-event-server v1.19.1 Reliance on Obfuscation or Encryption of Security-Relevant Input

third-party-advisory

https://gist.github.com/superboy-zjc/31ecea91b304b8dd9871ad507467ca61

related

https://gist.github.com/superboy-zjc/31ecea91b304b8dd9871ad507467ca61#proof-of-concept

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.