PT-2025-13579 · Unknown · Esafenet Cdg+1

207556249

Published

2025-03-28

Updated

2025-03-31

CVE-2025-2927

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ESAFENET CDG version 5.6.3.154.205 Coremail Mail Server (affected versions not specified)

Description A critical issue has been identified, allowing for SQL injection through the manipulation of the typename argument in an unknown function of the file /parameter/getFileTypeList.jsp. This can be exploited remotely. The issue has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations For ESAFENET CDG version 5.6.3.154.205, consider restricting access to the /parameter/getFileTypeList.jsp file to minimize the risk of exploitation. For Coremail Mail Server, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-2927

Affected Products

Coremail Mail Server

Esafenet Cdg

PT-2025-13579 · Unknown · Esafenet Cdg+1

CVE-2025-2927

Weakness Enumeration

Related Identifiers

Affected Products

References · 12