CVE-2025-25191

5.4 MEDIUM
Published: March 06, 2025 Modified: October 10, 2025
View on NVD

Description

Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/Intermesh/groupoffice/commit/c5c83e19a5cdf93b0e758726c97597861f1d6eda
Source: security-advisories@github.com
Patch
https://github.com/Intermesh/groupoffice/security/advisories/GHSA-j7p3-v652-p3gf
Source: security-advisories@github.com
Exploit Vendor Advisory

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.4 / 10.0
EPSS (Exploit Probability)
0.2%
44th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

group-office

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A