Imprint

Vulnerabilities 2025Permanent link for this heading

Security vulnerability eGov17536Permanent link for this heading

First published: 05 June 2025 (restricted disclosure)

Last update: 04 September 2025

ID: eGov17536

Affected Components:

  • Fabasoft eGov-Suite versions from 2016 Update Rollup 7 up to 2025

Severity: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N, Base Score: 6.9

Status: Final

CVEs: -

SummaryPermanent link for this heading

A security vulnerability concerning a specific document processing feature within the Fabasoft eGov-Suite has been identified.

ImpactPermanent link for this heading

After successful exploitation of this vulnerability, an attacker may compromise the confidentiality of certain documents.

RemediationPermanent link for this heading

The vulnerability can be remediated by installing one of the hotfixes listed below. Fabasoft has prepared scripts in order to identify and correct documents possibly affected. Please contact the Fabasoft 3rd Level Support via Support-Ticket to receive those scripts as well as detailed instructions.

Hotfix informationPermanent link for this heading

The hotfix resolving this issue is available since June 05 2025. Fabasoft provides hotfixes for the following Fabasoft Folio/eGov-Suite versions.

  • Fabasoft eGov-Suite 2020 Update Rollup 5 (included with 20.1.5.086.055)
  • Fabasoft eGov-Suite 2021 Update Rollup 3 (included with 21.1.3.089.154)
  • Fabasoft eGov-Suite 2022 Update Rollup 2 (included with 22.0.2.79.166)
  • Fabasoft eGov-Suite 2022 Update Rollup 3 (included with 22.0.3.075.045)
  • Fabasoft eGov-Suite 2023 Update Rollup 2 (included with 23.0.2.057.086)
  • Fabasoft eGov-Suite 2023 Update Rollup 3 (included with 23.0.3.066.141)
  • Fabasoft eGov-Suite 2023 September Release (included with 23.9.0.280.028)
  • Fabasoft eGov-Suite 2024 (included with 24.0.0.229.32)
  • Fabasoft eGov-Suite 2024 Update Rollup 1 (included with 24.0.1.53.47)
  • Fabasoft eGov-Suite 2024 Update Rollup 2 (included with 24.0.2.059.108)
  • Fabasoft eGov-Suite 2024 Update Rollup 3 (included with 24.0.3.034.151)
  • Fabasoft eGov-Suite 2024 April Release (included with 24.4.0.355.035)
  • Fabasoft eGov-Suite 2024 September Release (included with 24.9.0.243.044)
  • Fabasoft eGov-Suite 2025 (included with 25.0.0.302.128)
  • Fabasoft eGov-Suite 2025 Update Rollup 1 (included with 25.0.1.019.012)
  • Fabasoft eGov-Suite 2025 April Release (included with 25.4.0.284.040)

The fix for this vulnerability is already included with the following and newer versions:

  • Fabasoft eGov-Suite 2025 June Release
  • Fabasoft eGov-Suite 2025 Update Rollup 2