216.73.216.86

CVE-2025-52374

· Published 21/07/2025 16:15 · Modified 22/07/2025 16:15

Labels: CVE-2025-52374 2025-07-21CVE-2025-52374CWE-321[email protected]

Essential information

Published
21/07/2025 16:15
Modified
22/07/2025 16:15
Author
Creator
CVSS
4.6 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS metrics

Description

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hmailserver / hmailserver cpe:2.3:a:hmailserver:hmailserver:5.8.6:*:*:*:*:*:*:*
hmailserver / hmailserver cpe:2.3:a:hmailserver:hmailserver:5.6.9-beta:*:*:*:*:*:*:*

References