Vulnerability Description
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage exhaustion for targeted users, reputation damage to the SMTP server (potentially causing it to be blacklisted), and overload of the SMTP server's outbound mail queue.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-48738?
CVE-2025-48738 is a documented vulnerability. An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password...
How severe is CVE-2025-48738?
CVSS scoring is not yet available for CVE-2025-48738. Check NVD for updates.
Is there a patch for CVE-2025-48738?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.