Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The SSRF response body can be exfiltrated via the built‑in debug system, turning it into a visible SSRF. This also allows full server-side file read. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Group-Office | Group Office | >= 6.8.0, < 6.8.150 |
Related Weaknesses (CWE)
References
- https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3Patch
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pmExploitVendor Advisory
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pmExploitVendor Advisory
FAQ
What is CVE-2026-25511?
CVE-2026-25511 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigg...
How severe is CVE-2026-25511?
CVE-2026-25511 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25511?
Check the references section above for vendor advisories and patch information. Affected products include: Group-Office Group Office.