CVE-2025-24389

Summary

Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.

This issue affects:

  • OTRS 7.0.X

  • OTRS 8.0.X

  • OTRS 2023.X

  • OTRS 2024.X

  • ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.xaffected
OTRS AGOTRS8.0.xaffected
OTRS AGOTRS2023.xaffected
OTRS AGOTRS2024.xaffected
OTRS AG((OTRS)) Community Edition6.0.x <= 6.0.34affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

Workarounds

Use a local MTA for sending instead of SMTP configuration within OTRS

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References