Incorrect Authorization vulnerability in OpenText™... · CVE-2025-0885 · GitHub Advisory Database · GitHub

Incorrect Authorization vulnerability in OpenText™...

Low severity Unreviewed Published Jul 3, 2025 to the GitHub Advisory Database • Updated Jul 3, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels.

The vulnerability could allow unauthorized access to calendar items marked private.

This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 24.4.

References

Published by the National Vulnerability Database

Jul 3, 2025

Published to the GitHub Advisory Database Jul 3, 2025

Last updated Jul 3, 2025

Severity

Low

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity Low

Attack Requirements Present

Privileges Required High

User interaction None

Vulnerable System Impact Metrics

Confidentiality Low

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:D/RE:L/U:Green