CVE-2025-59025

🗓️ 27 Nov 2025 09:23:09Reported by OXType

Malicious email can run scripts in user context; exfiltration risk; sanitization updated; no exploits known.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-59025	27 Nov 202512:38	–	circl
CNNVD	Open-Xchange OX App Suite 安全漏洞	27 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-59025	27 Nov 202509:23	–	cvelist
EUVD	EUVD-2025-199813	27 Nov 202512:30	–	euvd
NVD	CVE-2025-59025	27 Nov 202510:15	–	nvd
Positive Technologies	PT-2025-48257	27 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-59025	28 Nov 202511:09	–	redhatcve
Vulnrichment	CVE-2025-59025	27 Nov 202509:23	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "backend"
    ],
    "product": "OX App Suite",
    "vendor": "Open-Xchange GmbH",
    "versions": [
      {
        "lessThanOrEqual": "8.35.110",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.39.85",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.40.73",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.41.50",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
documentation	www.documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0003.json

15 Apr 2026 00:35Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.1

EPSS0.00024

SSVC

CWE-79