How severe is CVE-2025-52373?

CVE-2025-52373 has a CVSS v3 score of 4.6 (MEDIUM).

CVE-2025-52373

Name: hmailserver
Author: hmailserver

4.6MEDIUM

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.

公開日: 7/21/2025更新日: 8/7/2025

説明

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.

AI分析AIによる分析

影響を受ける製品

hmailserverhmailserver

5.6.9

hmailserverhmailserver

5.8.6

参照

https://github.com/hmailserver/hmailserver
Product
https://github.com/mojibake-dev/hMailEnum
ExploitThird Party Advisory
https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52373.md
ExploitThird Party Advisory