Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built‑in debug system, turning it into a visible SSRF. This also allows full server-side file read. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
References
| Link | Resource |
|---|---|
| https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3c2af42b3 | Patch |
| https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm | Exploit Vendor Advisory |
| https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Feb 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3c2af42b3 - Patch | |
| References | () https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm - Exploit, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
| CPE | cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:* | |
| First Time |
Group-office group Office
Group-office |
05 Feb 2026, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm - |
04 Feb 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-04 21:16
Updated : 2026-02-11 19:16
NVD link : CVE-2026-25511
Mitre link : CVE-2026-25511
CVE.ORG link : CVE-2026-25511
JSON object : View
Products Affected
group-office
- group_office
CWE
CWE-918
Server-Side Request Forgery (SSRF)