PT-2025-29438 · Otrs Ag · Otrs
David Silva
·
Published
2025-07-14
·
Updated
2025-07-14
·
CVE-2025-24391
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
OTRS versions 7.0.X
OTRS versions 8.0.X
OTRS versions 2023.X
OTRS versions 2024.X
OTRS versions 2025.X
Description:
A flaw in the External Interface of OTRS allows attackers to determine the existence of user accounts by analyzing different HTTP response codes and messages. This enables systematic identification of valid email addresses.
Recommendations:
OTRS versions 7.0.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OTRS versions 8.0.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OTRS versions 2023.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OTRS versions 2024.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OTRS versions 2025.X: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Otrs