CNNVD-202508-254 Information

CNNVD ID

CNNVD-202508-254

Related CVE

CVE-2025-50340

• CNNVD Published: 2025-08-04

Description (Chinese)

SOGo Webmail是SOGo开源的一个网页邮件和协作系统。 SOGo Webmail 5.6.0及之前版本存在安全漏洞，该漏洞源于不安全的直接对象引用，可能导致经过身份验证的用户冒充其他用户发送邮件。

Description (English)

SOGO Webmail is an open-source web-based mail and collaboration system for SOGO. SOGOWebmail 5.6.0 and previous versions contain a security loophole, which originates from unsafe direct-object references and may lead to identity-certified users posing as other users.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

SOGo

Published

2025-08-04

Last Modified

2026-02-24

References

https://www.sogo.nu/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110604 https://github.com/millad7/SOGo_web_mail-vulnerability-CVE-2025-50340 https://www.mail-archive.com/users%40sogo.nu/msg34098.html https://access.redhat.com/security/cve/cve-2025-50340

Patch

https://www.sogo.nu/download.html#/backend