Description

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.

INFO

Published Date :

2025-07-17T13:47:26.179Z

Last Modified :

2025-07-17T19:54:59.975Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53909 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53909.

URL Resource
https://github.com/mailcow/mailcow-dockerized/commit/8c5f6c03214a4b2bdbf3c78932f860eee949012b cve-icon cve-icon
https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-8p7g-6cjj-wr9m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact