CVE-2025-41441 LOW

CVE-2025-41441

Vendor Synck Graphica
Product Mailform Pro CGI
Weakness CWE-209 · Error message info leak
Published May 26, 2025
Last update May 27, 2025

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature.

Key dates

02Disclosure timeline

May 26, 2025 CVE published
May 27, 2025 Record updated