CVE-2025-24389— SMTP Password will be shown in cleartext on some SMTP errors
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-24389
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SMTP Password will be shown in cleartext on some SMTP errors
Source: NVD (National Vulnerability Database)
Vulnerability Description
Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
OTRS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OTRS是德国OTRS公司的一个服务管理解决方案。 OTRS存在安全漏洞,该漏洞源于上游库的某些错误会在OTRS日志机制中插入敏感信息,并将邮件发送给系统管理员。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OTRS AG | OTRS | 7.0.x | - | |
| OTRS AG | ((OTRS)) Community Edition | 6.0.x ~ 6.0.34 | - |
II. Public POCs for CVE-2025-24389
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-24389
请登录查看更多情报信息。
Same Patch Batch · OTRS AG · 2025-01-27 · 4 CVEs total
| CVE-2025-24390 | 6.8 MEDIUM | Missing Cookie Flags |
| CVE-2024-43445 | 5.4 MEDIUM | Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing |
| CVE-2024-43446 | 3.5 LOW | Improper check of permissions in Generic Interface |
IV. Related Vulnerabilities
Same weakness: CWE-532
- CVE-2026-44516
Valtimo: Sensitive data exposure through HTTP request/respon - CVE-2026-41219
BIG-IP QKView vulnerability - CVE-2026-8200
Schema validation log messages may not redact user data - CVE-2026-41018
Apache Airflow Providers Elasticsearch: Elasticsearch task-l - CVE-2026-43826
Apache Airflow Providers OpenSearch: OpenSearch task-log han
V. Comments for CVE-2025-24389
No comments yet