Group-office Group Office — known CVE vulnerabilities
Every CVE whose affected-product data names Group-office Group Office, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-63406 — CVSS 8.8 (high): An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the…
CVE-2026-25134 — CVSS 8.8 (high): Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the…
CVE-2026-25512 — CVSS 8.8 (high): Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is…
CVE-2023-46730 — CVSS 7.4 (high): Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability…
CVE-2024-22418 — CVSS 6.5 (medium): Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload…
CVE-2023-25292 — CVSS 6.1 (medium): Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain…
CVE-2025-25191 — CVSS 5.4 (medium): Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not…
CVE-2024-23941 — CVSS 5.4 (medium): Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a…
CVE-2020-35418 — CVSS 5.4 (medium): Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
CVE-2025-53504 — CVSS 5.4 (medium): Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this…
CVE-2026-23887 — CVSS 5.4 (medium): Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through…
CVE-2025-53505 — CVSS 5.3 (medium): Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this…
CVE-2021-28060 — CVSS 5.3 (medium): A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs…
CVE-2026-25511 — CVSS 4.9 (medium): Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an…