PT-2025-30302 · Unknown · Hmailserver
Eli Samara · Published 2025-07-21 · Updated 2025-07-21 · CVE-2025-52374
CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
hMailServer versions 5.6.9-beta through 5.8.6
Description
The software uses a hardcoded cryptographic key in the Encryption.cs file. This allows an attacker to decrypt passwords for other servers stored in the hMailAdmin.exe.config file, potentially granting access to other hMailServer admin consoles with configured connections.
Recommendations
Update hMailServer to a version newer than 5.8.6.
Affected Products
Hmailserver