CVE-2025-30349

🗓️ 21 Mar 2025 00:00:00Reported by mitreType

XSS vulnerability in Horde IMP allows account takeover through crafted email messages.

Reporter	Title	Published	Views	Family All 21
Information Security Automation	May	23 May 202521:25	–	avleonov
Circl	CVE-2025-30349	21 Mar 202517:19	–	circl
CNNVD	IMP 安全漏洞	21 Mar 202500:00	–	cnnvd
Cvelist	CVE-2025-30349	21 Mar 202500:00	–	cvelist
Debian	[SECURITY] [DLA 4113-1] php-horde-imp security update	3 Apr 202509:52	–	debian
Debian CVE	CVE-2025-30349	21 Mar 202500:00	–	debiancve
Tenable Nessus	Debian dla-4113 : php-horde-imp - security update	3 Apr 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-30349	27 Aug 202500:00	–	nessus
EUVD	EUVD-2025-7227	3 Oct 202520:07	–	euvd
NVD	CVE-2025-30349	21 Mar 202517:15	–	nvd

Vulners

CNA

Node

horde impRange0–6.2.27

[
  {
    "defaultStatus": "unknown",
    "product": "IMP",
    "vendor": "Horde",
    "versions": [
      {
        "lessThanOrEqual": "6.2.27",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst
web	www.web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
github	www.github.com/horde/imp/blob/fd9212ca3b72ff834504af4886f7d95138619bd4/doc/INSTALL.rst
horde	www.horde.org/apps/imp
github	www.github.com/natasaka/CVE-2025-30349/
github	www.github.com/horde/webmail/releases/tag/v5.2.22
lists	www.lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
web	www.web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
lists	www.lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
github	www.github.com/horde/imp/releases/tag/v6.2.27

15 Apr 2026 00:35Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.2

EPSS0.49715

SSVC

CWE-79