PT-2025-23188 · Fossasia · Open-Event-Server
Gavin Zhong · Published 2025-05-29 · Updated 2025-05-29 · CVE-2025-5323
CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
fossasia open-event-server version 1.19.1
Description
An issue has been found in the Mail Verification Handler component, specifically affecting the send email change user email function. It leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking, which allows potential remote attacks. The complexity of an attack is rather high, and exploitation is known to be difficult.
Recommendations
For fossasia open-event-server version 1.19.1, consider disabling the send email change user email function until a patch is available, to prevent potential exploitation. Restrict access to the Mail Verification Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Related Identifiers
Affected Products
Open-Event-Server
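The weakness class named in the Description (a security-relevant input that is only encoded or encrypted, with no integrity check) is illustrated below in an added example; it is not Open-Event-Server code and does not reproduce the affected function. The token layout, field names, key and function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
MAX_AGE = 3600                        # assumption: e-mail change links live for one hour

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def weak_token(user_id, new_email):
    """Obfuscation only: the payload is encoded, but nothing proves who produced it."""
    return b64e(json.dumps({"uid": user_id, "email": new_email}).encode())

def weak_verify(token):
    # Accepts any well-formed payload, including one the server never issued.
    return json.loads(b64d(token))

def signed_token(user_id, new_email, now=None):
    """Same payload plus an issue time, bound to the server key with HMAC-SHA256."""
    iat = int(time.time() if now is None else now)
    payload = b64e(json.dumps({"uid": user_id, "email": new_email, "iat": iat}).encode())
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return payload + "." + b64e(tag)

def signed_verify(token, now=None):
    """Return the payload dict, or None if the token is malformed, altered or expired."""
    try:
        payload, tag = token.split(".")
        expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
        # Check the tag before parsing, and compare in constant time.
        if not hmac.compare_digest(b64d(tag), expected):
            return None
        data = json.loads(b64d(payload))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    if not 0 <= now - data["iat"] <= MAX_AGE:
        return None
    return data

if __name__ == "__main__":
    link = signed_token(7, "new@example.org")          # constructed sample values
    print("issued token verifies:", signed_verify(link) is not None)
    swapped = weak_token(7, "other@example.org") + "." + link.split(".")[1]
    print("altered payload verifies:", signed_verify(swapped) is not None)
```
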