Group-Office: >> Group Office >> 25.0.16 Security Vulnerabilities
An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php
CVSS Score
8.8
EPSS Score
0.004
Published
2025-11-13
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-08-21
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-08-21