CVE-2025-52374 Information
Jul 22, 2025
cve
Description
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.
Reference
https://github.com/hmailserver/hmailserver https://github.com/mojibake-dev/hMailEnum https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52374.md
Related CNNVD
CNNVD-202507-2669 (Published: 2025-07-21)
Share on: