Share
## https://sploitus.com/exploit?id=85F26709-429E-5CA7-BDAF-917ADF15A2EE
# CVE-2026-25512 PoC โ€“ Group-Office Authenticated RCE via TNEF Handler

**Author:** Mohammed Idrees Banyamer  
**Handle:** [@banyamer_security](https://instagram.com/banyamer_security)  
**GitHub:** [mbanyamer](https://github.com/mbanyamer)  
**Date:** February 04, 2026

## Exploit Title
Group-Office (Intermesh) < 26.0.4 โ€“ Authenticated RCE via TNEF Attachment Handler

## CVE
**CVE-2026-25512**

## CWE
CWE-78 (OS Command Injection)

## Vendor
[Intermesh / Group-Office](https://www.group-office.com)

## Vulnerable Versions
< 26.0.4 (also affects some 25.x / 6.8.x branches)

## Fixed Versions
26.0.5 / 25.0.82 / 6.8.150

## Patch Commit
[6c612deca97a6cd2a1bd4feea0ce7e8e9d907792](https://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792)

## GHSA
[GHSA-579w-jvg7-frr4](https://github.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4)

## Severity
**High** (CVSS 8.8 โ€“ AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

## Description

Group-Office versions prior to 26.0.4 are vulnerable to **authenticated OS command injection** in the endpoint: