Groupware

1 CVEs product

Monthly

CVE-2025-41066 MEDIUM PATCH This Month

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.

PHP Information Disclosure Ubuntu Debian Groupware
NVD
CVSS 3.1: 5.3
EPSS: 0.1%
