CVE-2025-52374

Sažetak

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.

Reference

https://github.com/hmailserver/hmailserver
https://github.com/mojibake-dev/hMailEnum
https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52374.md

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

21-07-2025 - 16:15

Objavljeno

21-07-2025 - 16:15