CVE-2025-30191

Summary

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedure. No publicly available exploits are known

Affected Software

VendorProductVersion RangeStatus
Open-Xchange GmbHOX App Suite0 <= 7.6.3-rev77affected
Open-Xchange GmbHOX App Suite0 <= 8.35.111affected
Open-Xchange GmbHOX App Suite0 <= 8.38.82affected
Open-Xchange GmbHOX App Suite0 <= 8.39.79affected
Open-Xchange GmbHOX App Suite0 <= 8.40.57affected

Weaknesses

  • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References