Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
References
| Link | Resource |
|---|---|
| http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792 | Patch |
| https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4 | Exploit Vendor Advisory |
| https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Feb 2026, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792 - Patch | |
| References | () https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4 - Exploit, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:* | |
| First Time |
Group-office group Office
Group-office |
05 Feb 2026, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4 - |
04 Feb 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-04 21:16
Updated : 2026-02-11 19:15
NVD link : CVE-2026-25512
Mitre link : CVE-2026-25512
CVE.ORG link : CVE-2026-25512
JSON object : View
Products Affected
group-office
- group_office
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')