Unknown · hMailServer · CVE-2025-52373
**Name of the Vulnerable Software and Affected Versions**
hMailServer version 5.6.9-beta
hMailServer version 5.8.6
**Description**
The software contains a hardcoded cryptographic key in the BlowFish.cpp file. This allows an attacker to decrypt the database connection passwords stored in the hMailServer.ini configuration file.
**Recommendations**
For hMailServer version 5.6.9-beta, no information is currently available about a newer version that fixes this vulnerability.
For hMailServer version 5.8.6, no information is currently available about a newer version that fixes this vulnerability.
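With no fixed release listed, an exposure check on each hMailServer.ini shows where the stored database password matters most. The following is an added example, not part of the advisory or of hMailServer's code; the `[Database]` key names (`Server`, `Username`, `Password`, `PasswordEncryption`), the finding names and the sample file are assumptions.

```python
import configparser

# Assumed hMailServer.ini layout (not given in the advisory): a [Database]
# section with Server, Username, Password and PasswordEncryption keys.
PRIVILEGED_USERS = {"sa", "root", "postgres"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "."}

# Constructed sample; the Password value is a placeholder, not real ciphertext.
SAMPLE_INI = """\
[Database]
Type=MSSQL
Username=sa
Password=00112233445566778899aabbccddeeff
PasswordEncryption=1
Server=db01.example.internal
Database=hMailServer
"""


def audit_hmailserver_ini(text):
    """Return (finding_id, detail) tuples; the password is never echoed."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    # Match the section name case-insensitively.
    name = next((s for s in cfg.sections() if s.lower() == "database"), None)
    if name is None or not cfg[name].get("password", "").strip():
        return []  # no stored database password, nothing to recover
    db = cfg[name]
    scheme = db.get("passwordencryption", "unset").strip()
    findings = [("db-password-recoverable",
                 f"stored password (PasswordEncryption={scheme}) is "
                 "recoverable by anyone who can read this file")]
    # Strip a SQL Server instance name or port to get the bare host.
    host = db.get("server", "").strip().split("\\")[0].split(",")[0].lower()
    if host and host not in LOCAL_HOSTS:
        findings.append(("remote-database",
                         f"credential is valid against network host {host}"))
    user = db.get("username", "").strip()
    if user.lower() in PRIVILEGED_USERS:
        findings.append(("privileged-db-account",
                         f"account '{user}' is a default administrative login"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit_hmailserver_ini(SAMPLE_INI):
        print(f"{finding_id}: {detail}")
```

Any file that produces findings is a candidate for tighter read permissions on hMailServer.ini and for rotating the database credential to a dedicated low-privilege account.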