CVE-2025-66224 | OrangeHRM up to 5.7 Mail Configuration code injection (GHSA-2w7w-h5wv-xr55 / EUVD-2025-199907)

A vulnerability was found in OrangeHRM up to 5.7. It has been declared as critical. This issue affects some unknown processing of the component Mail Configuration Handler. Executing manipulation can lead to code injection.

This vulnerability is handled as CVE-2025-66224. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More