Share
## https://sploitus.com/exploit?id=85F26709-429E-5CA7-BDAF-917ADF15A2EE
# CVE-2026-25512 PoC โ Group-Office Authenticated RCE via TNEF Handler
**Author:** Mohammed Idrees Banyamer
**Handle:** [@banyamer_security](https://instagram.com/banyamer_security)
**GitHub:** [mbanyamer](https://github.com/mbanyamer)
**Date:** February 04, 2026
## Exploit Title
Group-Office (Intermesh) < 26.0.4 โ Authenticated RCE via TNEF Attachment Handler
## CVE
**CVE-2026-25512**
## CWE
CWE-78 (OS Command Injection)
## Vendor
[Intermesh / Group-Office](https://www.group-office.com)
## Vulnerable Versions
< 26.0.4 (also affects some 25.x / 6.8.x branches)
## Fixed Versions
26.0.5 / 25.0.82 / 6.8.150
## Patch Commit
[6c612deca97a6cd2a1bd4feea0ce7e8e9d907792](https://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792)
## GHSA
[GHSA-579w-jvg7-frr4](https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4)
## Severity
**High** (CVSS 8.8 โ AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
## Description
Group-Office versions prior to 26.0.4 are vulnerable to **authenticated OS command injection** in the endpoint: