CVE-2026-25512
Vulnerability data via CVEDB (Shodan)
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmp_file into an exec() call. By injecting shell metacharacters into tmp_file, an authenticated attacker can execute arbitrary system commands on the server. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-25512product:"Group-office Group Office" version:"25.0.1"http.html:"Group Office"More intel sources (5)
vuln:CVE-2026-25512vulnerabilities.cve_id: CVE-2026-25512CVE-2026-25512CVE-2026-25512"CVE-2026-25512" exploit -site:nvd.nist.gov