CVE-2025-52374
Published
CVSS v3
4.6
MEDIUM
CVSS v2
N/A
Affected
3
PROJECTS
Description
Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.
GitHubProof of Concept for 3 Vulnerabilities in how hMailServer handles various credentials
GitHub