Stored XSS Vulnerability in Group-Office by Intermesh
CVE-2025-25191

6.9MEDIUM

Key Information:

Vendor: Intermesh
Status: Groupoffice
Vendor: CVE Published:; 6 March 2025

What is CVE-2025-25191?

A Stored Cross-Site Scripting (XSS) vulnerability exists in Group-Office, an enterprise CRM and groupware tool, due to inadequate sanitization of user input in the Name field. Attackers can exploit this flaw to inject malicious scripts, potentially compromising user data and overall application security. This weakness is addressed in version 6.8.100 and users are strongly advised to update to this version or later to safeguard their systems.

Affected Version(s)

groupoffice < 6.8.100

References

https://github.com/Intermesh/groupoffice/security/advisor...

x_refsource_CONFIRM

https://github.com/Intermesh/groupoffice/commit/c5c83e19a...

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Feb 3, 2025

JSON