CVE 8.8 HIGH

CVE-2025-63406_CVE-2025-63406

November 14, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php

AI Analysis

Remote code execution vulnerability in GroupOffice via dbToApi() and eval() in FunctionField.php

Basic Information

ID CVE-2025-63406

Source mitre

Published Nov 13, 2025 at 00:00

Modified Nov 14, 2025 at 16:58

Affected Product

Vendor Intermesh BV

Product GroupOffice

Version before v.25.0.47, 6.8.136

Affected Versions n/a n/a n/a

CWE Classification

CWE-77

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Intermesh BV

Product GroupOffice

Version before v.25.0.47, 6.8.136

References

noahheraud.com /posts/CVE-2025-63406/

{
    "lastseen": "",
    "description": "An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php",
    "published": "2025-11-13T00:00:00.000Z",
    "modified": "2025-11-14T16:58:27.719Z",
    "type": "cve",
    "title": "CVE-2025-63406",
    "source": "mitre",
    "references": "https://noahheraud.com/posts/CVE-2025-63406/",
    "id": "CVE-2025-63406",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GroupOffice",
    "version": "before v.25.0.47, 6.8.136",
    "vendor": "Intermesh BV",
    "ai_description": "Remote code execution vulnerability in GroupOffice via dbToApi() and eval() in FunctionField.php",
    "ai_severity": "High",
    "ai_vendor": "Intermesh BV",
    "ai_product": "GroupOffice",
    "ai_version": "before v.25.0.47, 6.8.136",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply