Critical severity9.1NVD Advisory· Published Aug 21, 2025· Updated Apr 15, 2026

CVE-2024-45438

Description

An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level actions using a crafted GET request. Notably, when a non-existent email address is provided as part of the email parameter, SpamTitan will automatically create a user record and associate quarantine settings with it - all without requiring authentication.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2025/Sep/15nvd
docs.titanhq.com/en/13161-spamtitan-release-notes.htmlnvd
seclists.org/fulldisclosure/2025/Sep/15nvd
www.seralys.com/research/CVE-2024-45438.txtnvd
www.titanhq.com/email-protection/nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000