CVE Vulnerabilities

CVE-2025-48046

Password in Configuration File

Published: May 29, 2025 | Modified: May 29, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.

Weakness

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

Potential Mitigations

References