CVE-2025-0431

MEDIUM Year: 2025
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-790
View all →

Vulnerability Description

Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.

Related Vulnerabilities

CVE-2024-6540

MEDIUM
CVSS:5.3(Medium)

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information...

CWE-7902024

CVE-2024-47984

MEDIUM
CVSS:6.5(Medium)

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functio...

CWE-7902024

CVE-2024-43442

MEDIUM
CVSS:4.9(Medium)

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (X...

CWE-7902024

CVE-2024-43443

MEDIUM
CVSS:4.9(Medium)

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XS...

CWE-7902024

CVE-2023-22578

CRITICAL
CVSS:9.8(Critical)

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

CWE-7902023

CVE-2023-45239

CRITICAL
CVSS:9.8(Critical)

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent ...

CWE-7902023