Script Injection Vulnerability in Open-Xchange Appsuite Products
CVE-2025-30190

5.4MEDIUM

Key Information:

Vendor: Open-xchange Gmbh
Status: Ox App Suite
Vendor: CVE Published:; 27 November 2025

🔔 Create Open-xchange Gmbh Vulnerability Alert

What is CVE-2025-30190?

This vulnerability allows an attacker to inject malicious script code through crafted office documents. When such documents are edited, unintended actions may be executed within the user’s account context. This can lead to the unauthorized exfiltration of sensitive information. It is crucial for users to apply the necessary updates and patches to mitigate this risk.

Affected Version(s)

OX App Suite 0 <= 8.35.1513817

OX App Suite 0 <= 8.39.1565928

OX App Suite 0 <= 8.40.1565934

References

https://documentation.open-xchange.com/appsuite/security/...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2025
Vulnerability Reserved
Mar 18, 2025

JSON