Vulnerability Details CVE-2025-52373
Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.2%
CVSS Severity
CVSS v3 Score 4.6
Products affected by CVE-2025-52373
-
cpe:2.3:a:hmailserver:hmailserver:5.6.9
-
cpe:2.3:a:hmailserver:hmailserver:5.8.6