FKIE_CVE-2025-50340

Vulnerability from fkie_nvd - Published: 2025-08-04 20:15 - Updated: 2025-08-15 19:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system. NOTE: this is disputed by the Supplier because the only effective way to prevent this sender spoofing is on the SMTP server, not within a client such as SOGo.
References
cve@mitre.orghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110604
cve@mitre.orghttps://github.com/millad7/SOGo_web_mail-vulnerability-CVE-2025-50340
cve@mitre.orghttps://www.mail-archive.com/users%40sogo.nu/msg34098.html
cve@mitre.orghttps://www.sogo.nu/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system. NOTE: this is disputed by the Supplier because the only effective way to prevent this sender spoofing is on the SMTP server, not within a client such as SOGo."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 una vulnerabilidad de Referencia Directa a Objetos Insegura (IDOR) en SOGo Webmail hasta la versi\u00f3n 5.6.0, que permite a un usuario autenticado enviar correos electr\u00f3nicos en nombre de otros usuarios manipulando un identificador controlado por el usuario en la solicitud de env\u00edo. El servidor no verifica si el usuario autenticado est\u00e1 autorizado a usar la identidad del remitente especificado, lo que resulta en la entrega no autorizada de mensajes como si fueran de otro usuario. Esto puede provocar suplantaci\u00f3n de identidad, phishing o comunicaci\u00f3n no autorizada dentro del sistema."
    }
  ],
  "id": "CVE-2025-50340",
  "lastModified": "2025-08-15T19:15:34.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-04T20:15:30.673",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110604"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/millad7/SOGo_web_mail-vulnerability-CVE-2025-50340"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.mail-archive.com/users%40sogo.nu/msg34098.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.sogo.nu/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.