CVE-2025-53909
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-53909
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53909.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-53909
- Aliases
-
- GHSA-8p7g-6cjj-wr9m
- Published
- 2025-07-17T14:15:32Z
- Modified
- 2025-07-29T11:25:02.535372Z
- Summary
- [none]
- Details
-
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.
- References
Affected packages
Git / github.com/mailcow/mailcow-dockerized
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mailcow/mailcow-dockerized
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
2022-01
2022-01a
2022-03
2022-03a
2022-04
2022-05
2022-05a
2022-05b
2022-05c
2022-05d
2022-06
2022-06a
2022-06b
2022-07
2022-07a
2022-08
2022-08a
2022-08b
2022-09
2022-09a
2022-10
2022-10a
2022-11
2022-11a
2022-11b
2022-12
2022-12a
2022-12b
2023-01
2023-01a
2023-02
2023-02a
2023-03
2023-04
2023-04a
2023-04b
2023-05
2023-05a
2023-07
2023-07a
2023-08
2023-09
2023-10
2023-10a
2023-11
2023-11a
2023-12
2023-12a
2024-01
2024-01a
2024-01b
2024-01c
2024-01d
2024-01e
2024-02
2024-04
2024-06
2024-06a
2024-06b
2024-06c
2024-07
2024-08
2024-08a
2024-11
2024-11a
2024-11b