CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.znuny.com	Product
https://www.znuny.org/en/advisories/zsa-2025-06	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::-:::*

History

16 May 2025, 15:39

Type	Values Removed	Values Added
First Time		Znuny Znuny znuny
References	~~() https://www.znuny.com -~~	() https://www.znuny.com - Product
References	~~() https://www.znuny.org/en/advisories/zsa-2025-06 -~~	() https://www.znuny.org/en/advisories/zsa-2025-06 - Vendor Advisory
CPE		cpe:2.3:a:znuny:znuny:::::-:::* cpe:2.3:a:znuny:znuny:::::lts:::*
CVSS	v2 : ~~unknown~~ v3 : ~~9.1~~	v2 : unknown v3 : 7.5

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema en Znuny antes de la versión 7.1.5. Al generar un paquete de soporte, no se enmascaran todas las contraseñas.

08 May 2025, 19:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CWE		CWE-521

08 May 2025, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-08 17:16

Updated : 2025-05-16 15:39

NVD link : CVE-2025-26847

Mitre link : CVE-2025-26847

CVE.ORG link : CVE-2025-26847

JSON object : View

Products Affected

znuny

znuny

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2025-26847", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-05-08T17:16:01.633", "references": [{"url": "https://www.znuny.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.znuny.org/en/advisories/zsa-2025-06", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Znuny antes de la versi\u00f3n 7.1.5. Al generar un paquete de soporte, no se enmascaran todas las contrase\u00f1as."}], "lastModified": "2025-05-16T15:39:00.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C85307-00AF-4C04-A3AC-FF4E89DA8DD8", "versionEndIncluding": "6.0.48", "versionStartIncluding": "6.0.31"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "34E09832-A83E-423C-A97B-57E0B650FD25", "versionEndIncluding": "6.5.14", "versionStartIncluding": "6.5.1"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "56F16A91-751A-457A-9DAE-9B5600B4DE82", "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}