CVE-2026-25512

HIGH NUCLEI

Group-office Group Office < 6.8.150 - OS Command Injection

Title source: rule

Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.

Exploits (3)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25512

View Code ZIP pw:eip

nomisec WORKING POC

by mbanyamer · poc

https://github.com/mbanyamer/CVE-2026-25512-PoC-Group-Office-Authenticated-RCE

View Code ZIP pw:eip

nomisec WORKING POC

by NumberOreo1 · poc

https://github.com/NumberOreo1/CVE-2026-25512

View Code ZIP pw:eip

Nuclei Templates (1)

Group-Office < 26.0.5 - Remote Code Execution

CRITICALVERIFIEDby omarkurt

Shodan: title:"Group-Office"

FOFA: title="Group-Office"

References (2)

[Patch] http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792

[Exploit, Vendor Advisory] https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4

Scores

CVSS v3 8.8

EPSS 0.1354

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (1)

group-office/group_office < 6.8.150

Timeline

Published Feb 04, 2026

Tracked Since Feb 18, 2026