CVE-2025-5323
LOWDescription
A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-5323? +
How severe is CVE-2025-5323? +
How do I check if I'm vulnerable to CVE-2025-5323? +
Related Vulnerabilities
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum …
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to …
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to …
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This …
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares …
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp …