CVE-2025-53504 MEDIUM

CVE-2025-53504

Vendor Intermesh Bv

Product Group-Office

Weakness CWE-79 · XSS

Published August 21, 2025

Last update August 21, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.

Key dates

02Disclosure timeline

August 21, 2025 CVE published

August 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53504 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-13455 igumbi Online Booking <= 1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-25496 Craft has a stored XSS in Number Prefix & Suffix Fields CVE-2022-26375 WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability CVE-2024-13702 CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-48149 Budibase: Stored XSS in Text component: BASIC users execute JS in admin session via MarkdownViewer innerHTML + CDN+srcdoc CSP bypass

Identifiers

CVE CVE-2025-53504

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Intermesh Bv

Product Group-Office

Affected prior to 6.8.119

Vendor Intermesh Bv

Product Group-Office

Affected prior to 25.0.20