Search for vulnerabilities
Vulnerability details: VCID-xehp-7egv-nuan
Vulnerability ID VCID-xehp-7egv-nuan
Aliases CVE-2024-48938
Summary Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1333 Inefficient Regular Expression Complexity
System Score Found at
epss 0.00366 https://api.first.org/data/v1/epss?cve=CVE-2024-48938
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-48938
cvssv3.1 7.5 https://www.znuny.com
ssvc Track https://www.znuny.com
cvssv3.1 7.5 https://www.znuny.org/en/advisories
ssvc Track https://www.znuny.org/en/advisories
cvssv3.1 7.5 https://www.znuny.org/en/advisories/zsa-2024-04
ssvc Track https://www.znuny.org/en/advisories/zsa-2024-04
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-48938
https://www.znuny.com
https://www.znuny.org/en/advisories
https://www.znuny.org/en/advisories/zsa-2024-04
cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
CVE-2024-48938 https://nvd.nist.gov/vuln/detail/CVE-2024-48938
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-48938
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.znuny.com
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/ Found at https://www.znuny.com
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.znuny.org/en/advisories
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/ Found at https://www.znuny.org/en/advisories
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.znuny.org/en/advisories/zsa-2024-04
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/ Found at https://www.znuny.org/en/advisories/zsa-2024-04
Exploit Prediction Scoring System (EPSS)
Percentile 0.57804
EPSS Score 0.00366
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T13:57:16.399626+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 36.1.3