PT-2025-25548 · Otrs+1

Alissa Kim · Published 2025-06-16 · Updated 2025-06-16 · CVE-2025-24388

CVSS v3.1: 3.8 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

OTRS versions prior to 8
OTRS Community Edition version 6.0.x

Description

A vulnerability in the OTRS Admin Interface and Agent Interface allows parameter injection for an authenticated agent or admin user. This issue affects several versions of OTRS, including OTRS 7.0.X, OTRS 8.0.X, OTRS 2023.X, OTRS 2024.X, and OTRS 2025.X. Products based on the OTRS Community Edition are also likely to be affected.

Recommendations

For OTRS versions prior to 8, update to version 8 or later to resolve the issue. For OTRS Community Edition version 6.0.x, consider upgrading to a newer version or applying available patches to mitigate the risk. As a temporary workaround, consider restricting access to the Admin Interface and Agent Interface for authenticated agents and admin users until a patch is available.

Fix

Incomplete List of Disallowed Inputs

Weakness Enumeration

Related Identifiers

CVE-2025-24388

Affected Products

Otrs
Otrs Community Edition