CVE-2026-25512
- Source
- https://cve.org/CVERecord?id=CVE-2026-25512
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25512.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-25512
- Aliases
-
- GHSA-579w-jvg7-frr4
- Published
- 2026-02-04T20:39:08.039Z
- Modified
- 2026-03-13T04:10:57.838473Z
- Severity
-
- 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler
- Details
-
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec() call. By injecting shell metacharacters into tmpfile, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25512.json" }- References
-
- http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25512.json
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4
- https://nvd.nist.gov/vuln/detail/CVE-2026-25512
Affected packages
Git / github.com/intermesh/groupoffice
Affected ranges
- Type
- GIT
- Repo
- http://github.com/intermesh/groupoffice
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed47e71723522bd1bd738817a0dae1184e1740e7a3Fixed7dc617b95993d33a87dd9306d16b981cacc58becFixed2df647666712de52e4178d1feccc06ca84ebb62b
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "6.8.150" }, { "fixed": "25.0.82" }, { "fixed": "26.0.5" } ] }
Affected versions
v25.*
v25.0.8
v6.*
v6.2.85
v6.2.87
v6.2.88
v6.2.89
v6.2.90
v6.2.91
v6.2.92
v6.2.93
v6.2.94
v6.2.95
v6.3.1
v6.3.10
v6.3.11
v6.3.12
v6.3.14
v6.3.15
v6.3.16
v6.3.17
v6.3.18
v6.3.19
v6.3.2
v6.3.20
v6.3.21
v6.3.29
v6.3.3
v6.3.30
v6.3.31
v6.3.32
v6.3.33
v6.3.34
v6.3.35
v6.3.36
v6.3.37
v6.3.38
v6.3.4
v6.3.41
v6.3.42
v6.3.43
v6.3.44
v6.3.45
v6.3.47
v6.3.48
v6.3.49
v6.3.5
v6.3.50
v6.3.6
v6.3.7
v6.3.71
v6.3.72
v6.3.73
v6.3.74
v6.3.75
v6.3.76
v6.3.77
v6.3.78
v6.3.79
v6.3.8
v6.3.80
v6.3.81
v6.3.93
v6.3.94
v6.3.96
v6.4.156
v6.4.157
v6.4.158
v6.4.159
v6.4.160
v6.4.161
v6.4.162
v6.4.165
v6.4.170
v6.4.171
v6.4.172
v6.4.173
v6.4.174
v6.4.175
v6.4.176
v6.4.177
v6.4.178
v6.4.179
v6.4.180
v6.4.181
v6.4.182
v6.4.183
v6.4.184
v6.4.185
v6.4.186
v6.4.187
v6.4.188
v6.4.189
v6.4.190
v6.4.191
v6.4.192
v6.4.193
v6.4.194
v6.4.195
v6.4.196
v6.4.197
v6.4.198
v6.4.199
v6.4.200
v6.4.201
v6.4.202
v6.4.203
v6.4.204
v6.4.205
v6.4.206
v6.4.207
v6.4.208
v6.4.209
v6.4.21
v6.4.210
v6.4.211
v6.4.212
v6.4.213
v6.4.215
v6.4.216
v6.4.217
v6.4.218
v6.4.219
v6.4.22
v6.4.220
v6.4.221
v6.4.222
v6.4.223
v6.4.224
v6.4.225
v6.4.226
v6.4.227
v6.4.228
v6.4.229
v6.4.23
v6.4.230
v6.4.231
v6.4.232
v6.4.233
v6.4.234
v6.4.235
v6.4.236
v6.4.237
v6.4.238
v6.4.239
v6.4.240
v6.4.241
v6.4.242
v6.4.243
v6.4.244
v6.4.245
v6.4.246
v6.4.25
v6.4.26
v6.4.27
v6.4.28
v6.4.29
v6.4.30
v6.4.31
v6.4.32
v6.4.33
v6.4.34
v6.4.35
v6.4.36
v6.4.37
v6.4.38
v6.4.39
v6.4.40
v6.4.41
v6.4.42
v6.4.43
v6.4.44
v6.4.45
v6.4.49
v6.4.50
v6.4.51
v6.5.100
v6.5.101
v6.5.102
v6.5.103
v6.5.104
v6.5.105
v6.5.106
v6.5.107
v6.5.108
v6.5.109
v6.5.110
v6.5.30
v6.5.31
v6.5.32
v6.5.33
v6.5.34
v6.5.35
v6.5.36
v6.5.37
v6.5.38
v6.5.39
v6.5.40
v6.5.41
v6.5.42
v6.5.43
v6.5.44
v6.5.45
v6.5.46
v6.5.47
v6.5.48
v6.5.49
v6.5.50
v6.5.51
v6.5.52
v6.5.53
v6.5.54
v6.5.55
v6.5.56
v6.5.57
v6.5.58
v6.5.59
v6.5.60
v6.5.61
v6.5.62
v6.5.63
v6.5.64
v6.5.65
v6.5.66
v6.5.67
v6.5.68
v6.5.69
v6.5.70
v6.5.71
v6.5.72
v6.5.73
v6.5.74
v6.5.75
v6.5.76
v6.5.77
v6.5.78
v6.5.79
v6.5.80
v6.5.81
v6.5.82
v6.5.83
v6.5.84
v6.5.85
v6.5.86
v6.5.88
v6.5.89
v6.5.90
v6.5.91
v6.5.92
v6.5.93
v6.5.94
v6.5.95
v6.5.96
v6.5.97
v6.5.98
v6.5.99
v6.6.100
v6.6.101
v6.6.102
v6.6.103
v6.6.104
v6.6.105
v6.6.106
v6.6.107
v6.6.108
v6.6.109
v6.6.110
v6.6.111
v6.6.112
v6.6.113
v6.6.114
v6.6.115
v6.6.116
v6.6.117
v6.6.118
v6.6.119
v6.6.120
v6.6.121
v6.6.122
v6.6.123
v6.6.124
v6.6.125
v6.6.126
v6.6.127
v6.6.128
v6.6.129
v6.6.130
v6.6.131
v6.6.132
v6.6.133
v6.6.134
v6.6.135
v6.6.136
v6.6.137
v6.6.138
v6.6.139
v6.6.140
v6.6.141
v6.6.142
v6.6.143
v6.6.144
v6.6.145
v6.6.146
v6.6.147
v6.6.148
v6.6.149
v6.6.150
v6.6.151
v6.6.152
v6.6.153
v6.6.154
v6.6.155
v6.6.156
v6.6.157
v6.6.158
v6.6.159
v6.6.160
v6.6.161
v6.6.162
v6.6.163
v6.6.164
v6.6.165
v6.6.166
v6.6.167
v6.6.168
v6.6.169
v6.6.170
v6.6.171
v6.6.172
v6.6.173
v6.6.174
v6.6.175
v6.6.176
v6.6.177
v6.6.178
v6.6.179
v6.6.180
v6.6.181
v6.6.182
v6.6.183
v6.6.184
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7.0
v6.7.1
v6.7.10
v6.7.11
v6.7.12
v6.7.13
v6.7.14
v6.7.15
v6.7.16
v6.7.17
v6.7.18
v6.7.19
v6.7.2
v6.7.20
v6.7.22
v6.7.23
v6.7.24
v6.7.25
v6.7.26
v6.7.27
v6.7.28
v6.7.29
v6.7.3
v6.7.30
v6.7.31
v6.7.32
v6.7.33
v6.7.34
v6.7.35
v6.7.36
v6.7.37
v6.7.38
v6.7.39
v6.7.40
v6.7.41
v6.7.42
v6.7.43
v6.7.44
v6.7.45
v6.7.46
v6.7.47
v6.7.48
v6.7.49
v6.7.5
v6.7.50
v6.7.51
v6.7.52
v6.7.53
v6.7.54
v6.7.55
v6.7.56
v6.7.57
v6.7.58
v6.7.59
v6.7.6
v6.7.60
v6.7.61
v6.7.62
v6.7.63
v6.7.64
v6.7.65
v6.7.66
v6.7.67
v6.7.68
v6.7.69
v6.7.7
v6.7.70
v6.7.71
v6.7.72
v6.7.73
v6.7.74
v6.7.75
v6.7.76
v6.7.77
v6.7.78
v6.7.79
v6.7.8
v6.7.80
v6.7.81
v6.7.82
v6.7.83
v6.7.84
v6.7.9
v6.8.1
v6.8.10
v6.8.100
v6.8.101
v6.8.102
v6.8.103
v6.8.104
v6.8.105
v6.8.106
v6.8.107
v6.8.108
v6.8.109
v6.8.11
v6.8.110
v6.8.111
v6.8.112
v6.8.113
v6.8.114
v6.8.115
v6.8.116
v6.8.117
v6.8.118
v6.8.119
v6.8.12
v6.8.120
v6.8.121
v6.8.122
v6.8.123
v6.8.124
v6.8.125
v6.8.126
v6.8.127
v6.8.128
v6.8.129
v6.8.13
v6.8.130
v6.8.131
v6.8.132
v6.8.133
v6.8.134
v6.8.135
v6.8.136
v6.8.137
v6.8.138
v6.8.139
v6.8.14
v6.8.140
v6.8.141
v6.8.142
v6.8.143
v6.8.144
v6.8.145
v6.8.146
v6.8.147
v6.8.148
v6.8.149
v6.8.15
v6.8.16
v6.8.17
v6.8.18
v6.8.19
v6.8.20
v6.8.21
v6.8.22
v6.8.23
v6.8.24
v6.8.25
v6.8.26
v6.8.27
v6.8.28
v6.8.29
v6.8.3
v6.8.30
v6.8.31
v6.8.32
v6.8.33
v6.8.34
v6.8.35
v6.8.36
v6.8.37
v6.8.38
v6.8.39
v6.8.4
v6.8.40
v6.8.41
v6.8.42
v6.8.43
v6.8.44
v6.8.45
v6.8.46
v6.8.47
v6.8.48
v6.8.49
v6.8.5
v6.8.50
v6.8.52
v6.8.53
v6.8.54
v6.8.55
v6.8.56
v6.8.57
v6.8.58
v6.8.59
v6.8.6
v6.8.60
v6.8.61
v6.8.62
v6.8.63
v6.8.64
v6.8.65
v6.8.66
v6.8.67
v6.8.68
v6.8.69
v6.8.7
v6.8.70
v6.8.71
v6.8.72
v6.8.73
v6.8.74
v6.8.75
v6.8.76
v6.8.77
v6.8.78
v6.8.79
v6.8.8
v6.8.80
v6.8.81
v6.8.82
v6.8.83
v6.8.84
v6.8.85
v6.8.86
v6.8.87
v6.8.88
v6.8.89
v6.8.9
v6.8.90
v6.8.91
v6.8.92
v6.8.93
v6.8.94
v6.8.95
v6.8.96
v6.8.97
v6.8.98
v6.8.99
Git / github.com/intermesh/groupoffice
Affected ranges
- Type
- GIT
- Repo
- https://github.com/intermesh/groupoffice
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "6.8.150" }, { "introduced": "25.0.1" }, { "fixed": "25.0.82" }, { "introduced": "26.0.1" }, { "fixed": "26.0.5" } ] }
Affected versions
v25.*
v25.0.1
v25.0.8
v6.*
v6.8.100
v6.8.101
v6.8.102
v6.8.103
v6.8.104
v6.8.105
v6.8.106
v6.8.107
v6.8.108
v6.8.109
v6.8.110
v6.8.111
v6.8.112
v6.8.113
v6.8.114
v6.8.115
v6.8.116
v6.8.117
v6.8.118
v6.8.119
v6.8.120
v6.8.121
v6.8.122
v6.8.123
v6.8.124
v6.8.125
v6.8.126
v6.8.127
v6.8.128
v6.8.129
v6.8.130
v6.8.131
v6.8.132
v6.8.133
v6.8.134
v6.8.135
v6.8.136
v6.8.137
v6.8.138
v6.8.139
v6.8.140
v6.8.141
v6.8.142
v6.8.143
v6.8.144
v6.8.145
v6.8.146
v6.8.147
v6.8.148
v6.8.149
v6.8.95
v6.8.96
v6.8.97
v6.8.98
v6.8.99