CVE-2025-50340

Name of the Vulnerable Software and Affected Versions SOGo Webmail versions through 5.6.0

Description An Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server does not verify if the authenticated user is authorized to use the specified sender identity, leading to unauthorized message delivery. This can result in impersonation, phishing, or unauthorized communication.

Recommendations Update SOGo Webmail to a version newer than 5.6.0.