Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025
Disclosure of sensitive information in Horde Groupware
CVE-2025-41066
Description
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the specified user exists, the server will return the download of an empty file; if it does not exist, no download will be initiated, which unequivocally reveals the validity of the user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 5.2.2+ 1 more
- (no CPE)range: = 5.2.2
- (no CPE)range: 5.2.22
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.