CVE-2025-1741 – b1gMail Remote PHP Object Injection Vulnerability

The following table lists the changes that have been made to the
CVE-2025-1741 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Feb. 27, 2025

    Action | Type | Old Value | New Value
    Added | Description | (none) | A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched remotely. Upgrading to version 7.4.1-pl2 is able to address this issue. The identifier of the patch is 4816c8b748f6a5b965c8994e2cf10861bf6e68aa. It is recommended to upgrade the affected component. The vendor acted highly professionally and even fixed this issue in the discontinued commercial edition as b1gMail 7.4.0-pl3.
    Added | CVSS V4.0 | (none) | AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added | CVSS V3.1 | (none) | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
    Added | CVSS V2 | (none) | (AV:N/AC:L/Au:M/C:P/I:P/A:P)
    Added | CWE | (none) | CWE-20
    Added | CWE | (none) | CWE-502
    Added | Reference | (none) | https://gist.github.com/mcdruid/cb0b848c12fd6a6bc0c1b3357b983d30
    Added | Reference | (none) | https://github.com/b1gMail-OSS/b1gMail/commit/4816c8b748f6a5b965c8994e2cf10861bf6e68aa
    Added | Reference | (none) | https://github.com/b1gMail-OSS/b1gMail/releases/tag/7.4.1-pl2
    Added | Reference | (none) | https://vuldb.com/?ctiid.297829
    Added | Reference | (none) | https://vuldb.com/?id.297829
    Added | Reference | (none) | https://vuldb.com/?submit.505838
    Added | Reference | (none) | https://www.b1gmail.eu/forum/thread/217-security-update-to-b1gmail-7-4-1-released/