Cross-Site Redirection Vulnerability in Open-Xchange Product
CVE-2025-30191

5.4MEDIUM

Key Information:

Vendor: Open-xchange Gmbh
Status: Ox App Suite
Vendor: CVE Published:; 31 October 2025

🔔 Create Open-xchange Gmbh Vulnerability Alert

What is CVE-2025-30191?

A vulnerability exists in the Open-Xchange App Suite that enables attackers to exploit malicious content delivered via email to perform redirection attacks. This flaw allows users to be tricked into executing unintended actions or disclosing sensitive information to unauthorized entities, potentially leading to further security threats. To mitigate the risks associated with this vulnerability, the sanitization process now blocks attribute values containing HTML fragments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OX App Suite 0 <= 7.6.3-rev77

OX App Suite 0 <= 8.35.111

OX App Suite 0 <= 8.38.82

References

https://documentation.open-xchange.com/appsuite/security/...

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Mar 18, 2025

JSON

Open-xchange Gmbh