Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user.
This issue affects:
- OTRS 7.0.X
- OTRS 8.0.X
- OTRS 2023.X
- OTRS 2024.X
- OTRS 2025.X
- ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
AnalysisAI
CVE-2025-24388 is a security vulnerability (CVSS 3.8) that allows parameter injection due. Remediation should follow standard vulnerability management procedures.
Technical ContextAI
Vulnerability type not specified by vendor.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-184 – Incomplete List of Disallowed Inputs
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18393