Information disclosure in Horde Groupware
CVE-2025-41066
Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment…
Vulnerability class: Information Disclosure
EPSS: 0.001 (15.8th percentile)
Affected products
- Horde Groupware — version 5.2.22