{"uuid": "a79b754d-9252-4580-8912-42f39c854661", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "Additional information", "description": "Microsoft discovered critical vulnerability CVE-2025-27920 affecting the messaging application Output Messenger. Microsoft additionally observed exploitation of the vulnerability since April 2024. According to Microsoft, the attacker needs to be authenticated, although the Output Messenger advisory indicates that privileges are not required to exploit the vulnerability.  An attacker could upload malicious files into the server\u2019s startup directory by exploiting this directory traversal vulnerability. This allows an attacker to gain indiscriminate access to the communications of every  user,  steal  sensitive  data  and  impersonate  users, possibly  leading to  operational  disruptions, unauthorized access to internal systems, and widespread credential compromise.", "description_format": "markdown", "vulnerability": "CVE-2025-27920", "creation_timestamp": "2025-05-14T08:54:41.802843+00:00", "timestamp": "2025-05-14T08:54:41.802843+00:00", "related_vulnerabilities": ["CVE-2025-27920"], "meta": [{"tags": ["vulnerability:exploitability=documented"]}], "author": {"login": "Belspo", "name": "Patrick Boulvin", "uuid": "a40346b5-0a0c-4e58-879d-7656391613e4"}}