CVE-2025-52373

Published
View on NVD ↗
CVSS v3
4.6
MEDIUM
CVSS v2
N/A
Affected
3
PROJECTS

Description

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.

hmailserver/hmailserver
hmailserver/hmailserver
GitHubGitHub
993
mojibake-dev/hMailEnum
mojibake-dev/hMailEnum
Proof of Concept for 3 Vulnerabilities in how hMailServer handles various credentials
GitHubGitHub
mojibake-dev/mojibake-CVE
mojibake-dev/mojibake-CVE
Quick reference for my discovered CVE advisories
GitHubGitHub