CVE-2025-30191 MEDIUM

CVE-2025-30191

Vendor Open-Xchange Gmbh
Product OX App Suite
Weakness CWE-1021
Published October 31, 2025
Last update October 31, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedure. No publicly available exploits are known

Key dates

02Disclosure timeline

October 31, 2025 CVE published
October 31, 2025 Record updated