CVE-2025-63406

High CVSS: 8.8

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php

Vendor

Group-office

Product

Group Office

CWE

CWE-77

Yayın Tarihi

2025-11-13 19:15:48

Güncelleme

2026-01-09 15:45:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Group Office HIGH Group-office 2025

Referanslar

https://github.com/WinDyAlphA/CVE-2025-63406-PoC https://noahheraud.com/posts/CVE-2025-63406/

Benzer Kayıtlar

High

CVE-2026-25511

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, a…

Critical

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, a…

Critical

CVE-2026-25134

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5…

Medium

CVE-2026-23887

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25…

Medium

CVE-2025-53505

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerabil…

Medium

CVE-2025-53504

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vuln…