Enaio

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-56425 CRITICAL POC Act Now

enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.

Command Injection Enaio

NVD

CVSS 3.1

9.1

EPSS

0.3%

CVE-2025-56425

EPSS 0% CVSS 9.1

CRITICAL POC Act Now

enaio document management AppConnector (multiple versions) has SMTP command injection via the /osrest/api/organization/s endpoint. Authenticated attackers can inject arbitrary SMTP commands, potentially sending spam or phishing emails through the organization's mail server. PoC available.

Command Injection Enaio

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy