ZSA-2025-04

Date: 2025-02-12
Affected: All versions of Znuny LTS from 6.5.1 up to including 6.5.11. All versions of Znuny from 7.0.1 up to including 7.1.3. All versions of Znuny LTS 6.0.
Severity: medium
CVE: requested

Missing and incorrect HTTP headers allow the delivered mime type of attachments and framing of the application or parts of it to be ignored.

This was a finding during a pentest that Znuny itself initiated due to its SOC 2 and ISO 27001:2022 certification.