CVE-2025-26842

High CVSS: 7.5

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.

Vendor

Znuny

Product

Znuny

CWE

CWE-863

Yayın Tarihi

2025-05-08 16:15:25

Güncelleme

2025-06-12 16:49:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-863 Znuny HIGH Znuny 2025

Referanslar

https://www.znuny.org/en/advisories/zsa-2025-01

Benzer Kayıtlar

Critical

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to…

Critical

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can us…

High

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

Medium

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateA…

Critical

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.