CVE 9.1 CRITICAL

CVE-2025-56425_CVE-2025-56425

January 9, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Description

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated remote attackers to inject arbitrary SMTP commands via crafted input to the /osrest/api/organization/sendmail endpoint

AI Analysis

SMTP Injection Vulnerability in enaio AppConnector component

Basic Information

ID CVE-2025-56425

Source mitre

Published Jan 8, 2026 at 00:00

Modified Jan 9, 2026 at 18:38

Affected Product

Vendor Optimal Systems

Product enaio

Version 10.10.0.183, 11.0.0.183, 11.10.0.183

Affected Versions n/a n/a n/a

CWE Classification

CWE-77

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Optimal Systems

Product enaio AppConnector

Version 10.10.0.183, 11.0.0.183, 11.10.0.183

References

{
    "lastseen": "",
    "description": "An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated remote attackers to inject arbitrary SMTP commands via crafted input to the /osrest/api/organization/sendmail endpoint",
    "published": "2026-01-08T00:00:00.000Z",
    "modified": "2026-01-09T18:38:32.265Z",
    "type": "cve",
    "title": "CVE-2025-56425",
    "source": "mitre",
    "references": "https://www.optimal-systems.de/enaio\nhttps://mind-bytes.de/smtp-injection-in-enaio-component-appconnector-cve-2025-56425/",
    "id": "CVE-2025-56425",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "enaio",
    "version": "10.10.0.183, 11.0.0.183, 11.10.0.183",
    "vendor": "Optimal Systems",
    "ai_description": "SMTP Injection Vulnerability in enaio AppConnector component",
    "ai_severity": "Critical",
    "ai_vendor": "Optimal Systems",
    "ai_product": "enaio AppConnector",
    "ai_version": "10.10.0.183, 11.0.0.183, 11.10.0.183",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply