Security Advisory

CVE-2025-48738

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-23 00:00:00

Last updated 2025-05-23 21:20:50

Assigner mitre

State PUBLISHED

Description

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage exhaustion for targeted users, reputation damage to the SMTP server, potentially causing it to be blacklisted, and overload of the SMTP servers outbound mail queue.

← Browse all CVEs View on cve.org ↗