Information Disclosure Vulnerability in Znuny Support Bundles
CVE-2025-26847

7.5HIGH

Key Information:

Vendor: Znuny
Status: Znuny
Vendor: CVE Published:; 8 May 2025

What is CVE-2025-26847?

An issue exists in Znuny versions before 7.1.5 where the generation of support bundles fails to adequately mask all sensitive passwords. This oversight can lead to the inadvertent exposure of confidential information, thereby increasing the risks associated with data integrity and privacy for users. It is essential for organizations using affected versions to review their configurations and apply necessary updates to mitigate potential security threats.

References

https://www.znuny.com

https://www.znuny.org/en/advisories/zsa-2025-06

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Feb 15, 2025

CVE-2025-26847 Data

JSON