Exploit for CVE-2025-63406

CVE-2025-63406 – Security Research Proof-of-Concept PoC Thi...

CVE-2025-63406

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi and eval in the FunctionField.php...

PT-2025-46893

Name of the Vulnerable Software and Affected Versions GroupOffice versions prior to 25.0.47 GroupOffice versions prior to 6.8.136 Description A flaw exists that allows a remote attacker to execute arbitrary code. This is possible through the dbToApi and eval functions within the FunctionField.php...

CVE-2025-63406

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi and eval in the FunctionField.php...

EUVD-2025-16176

Malicious code in bioql PyPI...

CVE-2025-48368

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting XSS vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...

CVE-2025-48369

CVE-2025-48369 affects Group-Office (enterprise CRM/groupware). A persistent XSS flaw exists in the tasks comment feature where uploading a file with a crafted filename allows arbitrary JavaScript to run when users view the task comment. The issue stems from failing to sanitize image filenames be...

CVE-2025-48368 GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting XSS vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the context of the victim'...

CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...

CVE-2025-48366 GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This allows a malicious actor to inject persisten...