CVE-2025-59025 MEDIUM

CVE-2025-59025

Vendor Open-Xchange Gmbh
Product OX App Suite
Weakness CWE-79 · XSS
Published November 27, 2025
Last update December 1, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known

Key dates

02Disclosure timeline

November 27, 2025 CVE published
December 1, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-48258 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-22276 WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability CVE-2019-25088 ytti Oxidized Web conf_search.haml cross site scripting CVE-2024-6361 Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product. CVE-2023-2565 SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting