CVE-2025-26842: 
Linux Debian vulnerability analysis and mitigation

A security vulnerability (CVE-2025-26842) was discovered in Znuny, an OTRS Community Edition Fork, on February 12, 2025. The vulnerability affects Znuny LTS versions 6.5.1 through 6.5.11, Znuny versions 7.0.1 through 7.1.3, and all versions of Znuny LTS 6.0. The issue involves unauthorized access to S/MIME encrypted email content through the communication log system (Wiz Report, Znuny Advisory).

The vulnerability allows the decrypted content of S/MIME encrypted emails to be stored in the communication log, potentially exposing sensitive information to users who have access to these logs. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity and no required privileges or user interaction (Wiz Report, NVD).

The vulnerability could lead to unauthorized access to decrypted S/MIME email content through the communication log, potentially compromising sensitive information intended to be protected by email encryption. This creates a significant information disclosure risk, particularly in environments where email encryption is used to protect confidential communications (Wiz Report).

A fix has been released for the vulnerability. The Debian package has been updated to version 6.5.14-1 in trixie/non-free and sid/non-free distributions. Organizations running affected versions should upgrade to the patched versions as soon as possible (Debian Tracker, Wiz Report).