Vulnerability Description
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Group-Office | Group Office | < 6.8.150 |
Related Weaknesses (CWE)
References
- http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9Patch
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4ExploitVendor Advisory
- https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4ExploitVendor Advisory
FAQ
What is CVE-2026-25512?
CVE-2026-25512 is a vulnerability with a CVSS score of 8.8 (HIGH). Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office....
How severe is CVE-2026-25512?
CVE-2026-25512 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25512?
Check the references section above for vendor advisories and patch information. Affected products include: Group-Office Group Office.