216.73.216.89

CVE-2025-56425

· Published 08/01/2026 17:15 · Modified 09/01/2026 19:16

Labels: CVE-2025-56425 2026-01-08CVE-2025-56425CWE-77[email protected]

Essential information

Published
08/01/2026 17:15
Modified
09/01/2026 19:16
Author
Creator
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS metrics

Description

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated remote attackers to inject arbitrary SMTP commands via crafted input to the /osrest/api/organization/sendmail endpoint

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
enaio / appconnector cpe:2.3:a:enaio:appconnector:10.10.0.183:*:*:*:*:*:*:*
enaio / appconnector cpe:2.3:a:enaio:appconnector:11.0.0.183:*:*:*:*:*:*:*
enaio / appconnector cpe:2.3:a:enaio:appconnector:11.10.0.183:*:*:*:*:*:*:*

References