CVE-2025-70038 — HIGH (8.8)

Vulnerability Description

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linagora	Twake	2023.q1.1223

Related Weaknesses (CWE)

CWE-79

References

https://gist.github.com/zcxlighthouse/e0ebb66220ae3c61a24288eb78402c42Third Party Advisory
https://github.com/linagoraProduct
https://github.com/linagora/TwakeProduct

FAQ

What is CVE-2025-70038?

CVE-2025-70038 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code.

How severe is CVE-2025-70038?

CVE-2025-70038 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-70038?

Check the references section above for vendor advisories and patch information. Affected products include: Linagora Twake.