CVE-2025-53504

Summary

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.

Affected Software

VendorProductVersion RangeStatus
Intermesh BVGroup-Officeprior to 6.8.119affected
Intermesh BVGroup-Officeprior to 25.0.20affected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References