CVE-2025-52373
4.6MEDIUMUse of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
게시됨: 7/21/2025업데이트됨: 8/7/2025
설명
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
AI 분석AI 기반
영향받는 제품
hmailserverhmailserver
5.6.9
hmailserverhmailserver
5.8.6
참조
- https://github.com/hmailserver/hmailserverProduct
- https://github.com/mojibake-dev/hMailEnumExploitThird Party Advisory
- https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52373.mdExploitThird Party Advisory