Cross-Site Scripting Vulnerability in Active! mail by Qualitia
CVE-2025-52462

5.1MEDIUM

Key Information:

Vendor: Qualitia Co., Ltd.
Status: Active! Mail 6
Vendor: CVE Published:; 2 July 2025

🔔 Create Qualitia Co., Ltd. Vulnerability Alert

What is CVE-2025-52462?

A cross-site scripting vulnerability in Active! mail allows attackers to execute arbitrary scripts within the context of a logged-in user's web browser. This vulnerability is triggered when a user accesses a specially crafted URL, potentially leading to data theft or session hijacking. It is crucial for users and administrators to apply security best practices and update their installations to mitigate the risks associated with this vulnerability.

Affected Version(s)

Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562

References

https://www.qualitia.com/jp/news/2025/07/02_1100.html

https://jvn.jp/en/jp/JVN89505333/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Jun 18, 2025