Cross-Site Request Forgery Vulnerability in Active! mail by Qualitia
CVE-2025-52463

2.1LOW

Key Information:

Vendor

Qualitia Co., Ltd.

Status
Active! Mail 6
Vendor
CVE Published:
2 July 2025

What is CVE-2025-52463?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Active! mail that allows an attacker to send unintended emails. Users logged into Active! mail may be tricked into clicking on a specially crafted URL, leading to actions being performed on their behalf without consent. This could result in unauthorized email transmissions, compromising user privacy and security.

Affected Version(s)

Active! mail 6 BuildInfo: 6.60.06008562 and earlier

References

https://www.qualitia.com/jp/news/2025/07/02_1100.html
https://jvn.jp/en/jp/JVN89505333/

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.