PT-2024-21018 · Open Xchange · Open-Xchange Appsuite
Published: 2024-08-19 · Updated: 2025-03-14 · CVE-2024-25582
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Open-Xchange OX App Suite versions up to 7.10.6-rev42
Description
The issue allows attackers to inject references to malicious code delivered through the same domain, potentially leading to malicious API requests or extraction of user account information. Exploitation requires temporary access to an account or successful social engineering to trick a user into following a link to a malicious account. The savepoint module path has been restricted to prevent abuse.
Recommendations
For Open-Xchange OX App Suite versions up to 7.10.6-rev42: deploy the provided updates and patch releases to mitigate the risk. As a temporary workaround, consider restricting access to the savepoint module until a patch is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Open-Xchange Appsuite