CVE-2025-24389 MEDIUM

CVE-2025-24389: SMTP Password will be shown in cleartext on some SMTP errors

Vendor OTRS AG
Product OTRS
Weakness CWE-532 · Sensitive info in logs
Published January 27, 2025
Last update February 12, 2025

CVSS base score

6.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Certain errors of the upstream libraries will insert sensitive information into the OTRS or ((OTRS)) Community Edition log mechanism and into mails sent to the system administrator.

This issue affects:

* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition are also very likely to be affected.

Key dates

02 Disclosure timeline

January 27, 2025 CVE published
February 12, 2025 Record updated