Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Oct 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mailcow mailcow\
|
|
CPEs | cpe:2.3:a:mailcow:mailcow\:_dockerized:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mailcow mailcow\
|
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 12 Feb 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 12 Feb 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the `Host HTTP` header to generate a password reset link pointing to an attacker-controlled domain. This can lead to account takeover if a user clicks the poisoned link. Version 2025-01a contains a patch. As a workaround, deactivate the password reset functionality by clearing `Notification email sender` and `Notification email subject` under System -> Configuration -> Options -> Password Settings. | |
Title | mailcow: dockerized vulnerable to password reset poisoning | |
Weaknesses | CWE-601 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-02-12T19:52:25.823Z
Reserved: 2025-02-03T19:30:53.400Z
Link: CVE-2025-25198

Updated: 2025-02-12T19:51:54.178Z

Status : Analyzed
Published: 2025-02-12T18:15:27.757
Modified: 2025-10-01T17:39:39.557
Link: CVE-2025-25198

No data.

Updated: 2025-07-12T15:26:13Z