PT-2026-6304 · Unknown · Group-Office
Numberoreo1
Published: 2026-02-04 · Updated: 2026-03-02 · CVE-2026-25512
CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Group-Office versions prior to 6.8.150
Group-Office versions prior to 25.0.82
Group-Office versions prior to 26.0.5
Description
Group-Office is a customer relationship management and groupware tool. It is susceptible to remote code execution (RCE): the /email/message/tnefAttachmentFromTempFile endpoint passes the user-controlled tmp file parameter directly into an exec() call. An authenticated attacker can inject shell metacharacters into the tmp file parameter and execute arbitrary system commands on the server.
Recommendations
Update Group-Office to version 6.8.150 or later.
Update Group-Office to version 25.0.82 or later.
Update Group-Office to version 26.0.5 or later.
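
The pattern the description names (a request value concatenated into an exec() string) next to a hardened form, as an added PHP example that is not Group-Office's code or its actual patch. TMP_ROOT, resolveTmpFile(), extractTnef() and the tnef command line are assumptions for illustration; the code needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example. TMP_ROOT, resolveTmpFile(), extractTnef() and the tnef
// command line are hypothetical, not taken from Group-Office.
const TMP_ROOT = '/var/lib/example-app/tmp';

// Vulnerable pattern, for contrast: the request value reaches a shell string.
//   exec('tnef -C ' . $outDir . ' -f ' . $tmpFile);

/** Map a client-supplied name to a real file inside $root, or throw. */
function resolveTmpFile(string $userValue, string $root = TMP_ROOT): string
{
    // Allow-list first: rejects shell metacharacters, whitespace and NUL bytes.
    if (!preg_match('#\A[A-Za-z0-9._/-]{1,255}\z#', $userValue)) {
        throw new InvalidArgumentException('disallowed characters in tmp file name');
    }
    $rootReal = realpath($root);
    $fileReal = realpath($root . '/' . $userValue);
    // realpath() resolves ../ and symlinks; the result must stay under the root.
    if ($rootReal === false || $fileReal === false
        || !str_starts_with($fileReal, $rootReal . DIRECTORY_SEPARATOR)
        || !is_file($fileReal)) {
        throw new InvalidArgumentException('tmp file is not inside the temp directory');
    }
    return $fileReal;
}

/** Run the extractor with an argv array, so no shell parses the file name. */
function extractTnef(string $userValue, string $outDir): int
{
    $file = resolveTmpFile($userValue);          // absolute, so never read as an option
    $null = ['file', '/dev/null', 'w'];
    $proc = proc_open(['tnef', '-C', $outDir, '-f', $file],
        [0 => ['file', '/dev/null', 'r'], 1 => $null, 2 => $null], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start extractor');
    }
    return proc_close($proc);                    // exit status of the extractor
}
```

Where a shell string cannot be avoided, applying escapeshellarg() to the validated path is the minimum; the argv form above removes the shell from the call entirely.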
Exploit
Fix
RCE
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Group-Office