Cross-Site Redirection Vulnerability in Open-Xchange Product
CVE-2025-30191

5.4MEDIUM

Key Information:

Vendor: Open-xchange Gmbh
Status: Ox App Suite
Vendor: CVE Published:; 31 October 2025

🔔 Create Open-xchange Gmbh Vulnerability Alert

What is CVE-2025-30191?

A vulnerability exists in the Open-Xchange App Suite that enables attackers to exploit malicious content delivered via email to perform redirection attacks. This flaw allows users to be tricked into executing unintended actions or disclosing sensitive information to unauthorized entities, potentially leading to further security threats. To mitigate the risks associated with this vulnerability, the sanitization process now blocks attribute values containing HTML fragments.

Affected Version(s)

OX App Suite 0 <= 7.6.3-rev77

OX App Suite 0 <= 8.35.111

OX App Suite 0 <= 8.38.82

References

https://documentation.open-xchange.com/appsuite/security/...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Mar 18, 2025

JSON