Deserialization Vulnerability in b1gMail Admin Page by b1gMail
CVE-2025-1741

5.1 MEDIUM

Key Information:

Vendor

b1gMail

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2025-1741?

A vulnerability in b1gMail versions up to 7.4.1-pl1 affects an unknown functionality of the Admin Page component. Manipulating the query/q argument leads to deserialization, making it possible for remote attackers to execute malicious payloads. Users should upgrade to version 7.4.1-pl2, which addresses this issue. The b1gMail team has also incorporated a fix in the discontinued commercial release of b1gMail. Keep your software updated to mitigate the risks associated with this vulnerability.

Affected Version(s)

b1gMail 7.4.1-pl1

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mcdruid (VulDB User)