CNNVD-202507-1849 Information

CNNVD ID

CNNVD-202507-1849

Related CVE

CVE-2025-24391

• CNNVD Published: 2025-07-14

Description (Chinese)

OTRS是德国OTRS公司的一个服务管理解决方案。 OTRS存在安全漏洞，该漏洞源于外部接口允许推断用户账户存在，可能导致识别有效电子邮件地址。以下版本受到影响：7.0.X版本、8.0.X版本、2023.X版本、2024.X版本和2025.X版本。

Description (English)

OTRS is a service management solution for OTRS, Germany. OTRS has a security loophole that originates from an external interface that allows extrapolation of the existence of a user account, which may lead to the identification of a valid e-mail address. The following versions were affected: 7.0.X, 8.0.X, 2023.X, 2024.X and 2025.X.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OURPHP

Published

2025-07-14

Last Modified

2026-02-24

References

https://otrs.com/release-notes/otrs-security-advisory-2025-07/ https://vigilance.fr/vulnerability/OTRS-Help-Desk-information-disclosure-via-HTTP-Response-Code-User-Enumeration-47708

Patch

https://otrs.com/release-notes/otrs-security-advisory-2025-07/