CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.znuny.org/en/advisories/zsa-2025-07	Vendor Advisory
https://znuny.com	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:znuny:znuny:::::-:::*
	cpe:2.3:a:znuny:znuny:::::-:::*

History

12 Jun 2025, 16:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-08 16:15

Updated : 2025-06-12 16:44

NVD link : CVE-2025-43926

Mitre link : CVE-2025-43926

CVE.ORG link : CVE-2025-43926

JSON object : View

Products Affected

znuny

znuny

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-43926", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-05-08T16:15:26.317", "references": [{"url": "https://www.znuny.org/en/advisories/zsa-2025-07", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://znuny.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Znuny hasta la versi\u00f3n 6.5.14 y de la 7.x a la 7.1.6. Las llamadas AJAX personalizadas a la subacci\u00f3n AgentPreferences UpdateAJAX permiten configurar las preferencias del usuario con claves arbitrarias. Al obtener datos del usuario mediante GetUserData, estas claves y valores se recuperan y se entregan en conjunto a otras llamadas de funci\u00f3n, que podr\u00edan usar estas claves/valores para modificar permisos u otras configuraciones."}], "lastModified": "2025-06-12T16:44:04.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE6EEAD-6B04-4C77-B2C5-F3664B3ACBA6", "versionEndIncluding": "6.5.14"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "56F16A91-751A-457A-9DAE-9B5600B4DE82", "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}