User Enumeration Vulnerability in Horde Groupware by Horde Group
CVE-2025-41066
6.9 MEDIUM
What is CVE-2025-41066?
Horde Groupware v5.2.22 contains a user enumeration vulnerability that permits unauthenticated attackers to ascertain the existence of valid user accounts. By crafting an HTTP request directed at '/imp/attachment.php' with specific parameters, an attacker can discern user validity. A successful request for an existing user results in the server returning a download link for an empty file, while no response indicates a non-existent user. This behavior exposes sensitive information and can lead to further attacks on the system.
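For defenders, the behaviour described above is visible in web server access logs as one client sending many different query strings to '/imp/attachment.php' and receiving differing responses. The following Python detection logic is an added example, not part of the advisory or of Horde. It assumes Combined Log Format; the sample lines, the `placeholder` query parameter, the byte counts and the threshold are constructed for illustration, since the advisory does not list the real parameters.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
ENDPOINT = "/imp/attachment.php"  # path named in the advisory


def find_enumeration_sources(lines, min_distinct=5):
    """Map client IP -> stats for clients that sent at least `min_distinct`
    different query strings to ENDPOINT (threshold is an assumed default)."""
    seen = defaultdict(lambda: {"queries": set(), "shapes": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        path, _, query = m["target"].partition("?")
        if path != ENDPOINT:
            continue
        seen[m["ip"]]["queries"].add(query)
        # A response "shape" is (status, body size); the enumeration oracle
        # shows up as the same client receiving more than one shape.
        seen[m["ip"]]["shapes"].add((m["status"], m["size"]))
    return {
        ip: {"distinct_queries": len(s["queries"]),
             "mixed_responses": len(s["shapes"]) > 1}
        for ip, s in seen.items()
        if len(s["queries"]) >= min_distinct
    }


# Constructed sample log: addresses, parameter name and sizes are placeholders.
SAMPLE_LOG = [
    f'203.0.113.10 - - [01/Jan/2025:10:00:0{i} +0000] '
    f'"GET /imp/attachment.php?placeholder={i} HTTP/1.1" 200 {size} "-" "-"'
    for i, size in enumerate([0, 187, 0, 0, 187, 0])
] + [
    '198.51.100.7 - - [01/Jan/2025:10:05:00 +0000] '
    '"GET /imp/attachment.php?placeholder=a HTTP/1.1" 200 187 "-" "-"',
    '198.51.100.7 - - [01/Jan/2025:10:05:02 +0000] '
    '"GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, stats in find_enumeration_sources(SAMPLE_LOG).items():
        print(ip, stats)
```

Tune `min_distinct` against normal attachment traffic for the site, and treat a flagged client with `mixed_responses` set as the stronger signal.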
Affected Version(s)
Groupware 5.2.22
