CVE-2025-41066

Name: CVE-2025-41066
Description: Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to '/imp/attachment.php' including the parameters 'id' and 'u'. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1123000

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package            | Release                  | Version   | Status
php-horde-groupware (PTS) | sid, bookworm, bullseye  | 5.2.22-6  | vulnerable

The information below is based on the following data on fixed versions.

Package             | Type   | Release    | Fixed Version | Urgency | Origin | Debian Bugs
php-horde-groupware | source | (unstable) | (unfixed)     |         |        | 1123000

Notes

[bookworm] - php-horde-groupware <no-dsa> (Minor issue)
[bullseye] - php-horde-groupware <no-dsa> (Minor issue)
https://www.incibe.es/en/incibe-cert/notices/aviso/disclosure-sensitive-information-horde-groupware
