CVE-2025-0885

Summary

Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels.

The vulnerability could allow unauthorized access to calendar items marked private.

This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 24.4.

Affected Software

VendorProductVersion RangeStatus
OpenText™GroupWise7 <= 17.5affected
OpenText™GroupWise23.4affected
OpenText™GroupWise24.1affected
OpenText™GroupWise24.2affected
OpenText™GroupWise24.3affected
OpenText™GroupWise24.4affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References