{"id":"CVE-2025-63406","details":"An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php","modified":"2026-04-02T12:58:53.399480Z","published":"2025-11-13T19:15:48.690Z","references":[{"type":"EVIDENCE","url":"https://noahheraud.com/posts/CVE-2025-63406/"},{"type":"EVIDENCE","url":"https://github.com/WinDyAlphA/CVE-2025-63406-PoC"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/intermesh/groupoffice","events":[{"introduced":"0"},{"fixed":"a0db25b0cbe16188beedf745d509d6b71fb64f6c"},{"introduced":"86a5e33c9c9adfc29537c29d42fb0029f456837b"},{"fixed":"1aafb12421cbd41adad6d2da61a251dfdcc0513b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.8.136"},{"introduced":"25.0.1"},{"fixed":"25.0.47"}]}}],"versions":["v25.0.1","v25.0.10","v25.0.11","v25.0.12","v25.0.13","v25.0.14","v25.0.15","v25.0.16","v25.0.17","v25.0.18","v25.0.19","v25.0.2","v25.0.20","v25.0.21","v25.0.22","v25.0.23","v25.0.24","v25.0.25","v25.0.27","v25.0.28","v25.0.29","v25.0.3","v25.0.30","v25.0.31","v25.0.32","v25.0.33","v25.0.34","v25.0.35","v25.0.36","v25.0.37","v25.0.38","v25.0.39","v25.0.4","v25.0.40","v25.0.41","v25.0.44","v25.0.45","v25.0.46","v25.0.5","v25.0.6","v25.0.7","v25.0.8","v25.0.9","v25.2.1","v6.2.85","v6.2.87","v6.2.88","v6.2.89","v6.2.90","v6.2.91","v6.2.92","v6.2.93","v6.2.94","v6.2.95","v6.3.1","v6.3.10","v6.3.11","v6.3.12","v6.3.14","v6.3.15","v6.3.16","v6.3.17","v6.3.18","v6.3.19","v6.3.2","v6.3.20","v6.3.21","v6.3.29","v6.3.3","v6.3.30","v6.3.31","v6.3.32","v6.3.33","v6.3.34","v6.3.35","v6.3.36","v6.3.37","v6.3.38","v6.3.4","v6.3.41","v6.3.42","v6.3.43","v6.3.44","v6.3.45","v6.3.47","v6.3.48","v6.3.49","v6.3.5","v6.3.50","v6.3.6","v6.3.7","v6.3.71","v6.3.72","v6.3.73","v6.3.74","v6.3.75","v6.3.76","v6.3.77","v6.3.78","v6.3.79","v6.3.8","v6.3.80","v6.3.81","v6.3.92","v6.3.93","v6.3.94","v6.3.96","v6.3.97","v6.3.98","v6.3.99","v6.4.156","v6.4.157","v6.4.158","v6.4.159","v6.4.160","v6.4.161","v6.4.162","v6.4.165","v6.4.170","v6.4.171","v6.4.172","v6.4.173","v6.4.174","v6.4.175","v6.4.176","v6.4.177","v6.4.178","v6.4.179","v6.4.180","v6.4.181","v6.4.182","v6.4.183","v6.4.184","v6.4.185","v6.4.186","v6.4.187","v6.4.188","v6.4.189","v6.4.190","v6.4.191","v6.4.192","v6.4.193","v6.4.194","v6.4.195","v6.4.196","v6.4.197","v6.4.198","v6.4.199","v6.4.200","v6.4.201","v6.4.202","v6.4.203","v6.4.204","v6.4.205","v6.4.206","v6.4.207","v6.4.208","v6.4.209","v6.4.21","v6.4.210","v6.4.211","v6.4.212","v6.4.213","v6.4.215","v6.4.216","v6.4.217","v6.4.218","v6.4.219","v6.4.22","v6.4.220","v6.4.221","v6.4.222","v6.4.223","v6.4.224","v6.4.225","v6.4.226","v6.4.227","v6.4.228","v6.4.229","v6.4.23","v6.4.230","v6.4.231","v6.4.232","v6.4.233","v6.4.234","v6.4.235","v6.4.236","v6.4.237","v6.4.238","v6.4.239","v6.4.240","v6.4.241","v6.4.242","v6.4.243","v6.4.244","v6.4.245","v6.4.246","v6.4.247","v6.4.25","v6.4.26","v6.4.27","v6.4.28","v6.4.29","v6.4.30","v6.4.31","v6.4.32","v6.4.33","v6.4.34","v6.4.35","v6.4.36","v6.4.37","v6.4.38","v6.4.39","v6.4.40","v6.4.41","v6.4.42","v6.4.43","v6.4.44","v6.4.45","v6.4.49","v6.4.50","v6.4.51","v6.5.100","v6.5.101","v6.5.102","v6.5.103","v6.5.104","v6.5.105","v6.5.106","v6.5.107","v6.5.108","v6.5.109","v6.5.110","v6.5.113","v6.5.30","v6.5.31","v6.5.32","v6.5.33","v6.5.34","v6.5.35","v6.5.36","v6.5.37","v6.5.38","v6.5.39","v6.5.40","v6.5.41","v6.5.42","v6.5.43","v6.5.44","v6.5.45","v6.5.46","v6.5.47","v6.5.48","v6.5.49","v6.5.50","v6.5.51","v6.5.52","v6.5.53","v6.5.54","v6.5.55","v6.5.56","v6.5.57","v6.5.58","v6.5.59","v6.5.60","v6.5.61","v6.5.62","v6.5.63","v6.5.64","v6.5.65","v6.5.66","v6.5.67","v6.5.68","v6.5.69","v6.5.70","v6.5.71","v6.5.72","v6.5.73","v6.5.74","v6.5.75","v6.5.76","v6.5.77","v6.5.78","v6.5.79","v6.5.80","v6.5.81","v6.5.82","v6.5.83","v6.5.84","v6.5.85","v6.5.86","v6.5.88","v6.5.89","v6.5.90","v6.5.91","v6.5.92","v6.5.93","v6.5.94","v6.5.95","v6.5.96","v6.5.97","v6.5.98","v6.5.99","v6.6.100","v6.6.101","v6.6.102","v6.6.103","v6.6.104","v6.6.105","v6.6.106","v6.6.107","v6.6.108","v6.6.109","v6.6.110","v6.6.111","v6.6.112","v6.6.113","v6.6.114","v6.6.115","v6.6.116","v6.6.117","v6.6.118","v6.6.119","v6.6.120","v6.6.121","v6.6.122","v6.6.123","v6.6.124","v6.6.125","v6.6.126","v6.6.127","v6.6.128","v6.6.129","v6.6.130","v6.6.131","v6.6.132","v6.6.133","v6.6.134","v6.6.135","v6.6.136","v6.6.137","v6.6.138","v6.6.139","v6.6.140","v6.6.141","v6.6.142","v6.6.143","v6.6.144","v6.6.145","v6.6.146","v6.6.147","v6.6.148","v6.6.149","v6.6.150","v6.6.151","v6.6.152","v6.6.153","v6.6.154","v6.6.155","v6.6.156","v6.6.157","v6.6.158","v6.6.159","v6.6.160","v6.6.161","v6.6.162","v6.6.163","v6.6.164","v6.6.165","v6.6.166","v6.6.167","v6.6.168","v6.6.169","v6.6.170","v6.6.171","v6.6.172","v6.6.173","v6.6.174","v6.6.175","v6.6.176","v6.6.177","v6.6.178","v6.6.179","v6.6.180","v6.6.181","v6.6.182","v6.6.183","v6.6.184","v6.6.25","v6.6.26","v6.6.27","v6.6.28","v6.6.29","v6.6.30","v6.6.31","v6.6.32","v6.6.33","v6.6.34","v6.6.35","v6.6.36","v6.6.37","v6.6.38","v6.6.39","v6.6.40","v6.6.41","v6.6.42","v6.6.43","v6.6.44","v6.6.45","v6.6.46","v6.6.47","v6.6.48","v6.6.49","v6.6.50","v6.6.51","v6.6.52","v6.6.53","v6.6.54","v6.6.55","v6.6.56","v6.6.57","v6.6.58","v6.6.59","v6.6.60","v6.6.61","v6.6.62","v6.6.63","v6.6.64","v6.6.65","v6.6.66","v6.6.67","v6.6.68","v6.6.69","v6.6.70","v6.6.71","v6.6.72","v6.6.73","v6.6.74","v6.6.75","v6.6.76","v6.6.77","v6.6.78","v6.6.79","v6.6.80","v6.6.81","v6.6.82","v6.6.83","v6.6.84","v6.6.85","v6.6.86","v6.6.87","v6.6.88","v6.6.89","v6.6.90","v6.6.91","v6.6.92","v6.6.93","v6.6.94","v6.6.95","v6.6.96","v6.6.97","v6.6.98","v6.6.99","v6.7.0","v6.7.1","v6.7.10","v6.7.11","v6.7.12","v6.7.13","v6.7.14","v6.7.15","v6.7.16","v6.7.17","v6.7.18","v6.7.19","v6.7.2","v6.7.20","v6.7.22","v6.7.23","v6.7.24","v6.7.25","v6.7.26","v6.7.27","v6.7.28","v6.7.29","v6.7.3","v6.7.30","v6.7.31","v6.7.32","v6.7.33","v6.7.34","v6.7.35","v6.7.36","v6.7.37","v6.7.38","v6.7.39","v6.7.40","v6.7.41","v6.7.42","v6.7.43","v6.7.44","v6.7.45","v6.7.46","v6.7.47","v6.7.48","v6.7.49","v6.7.5","v6.7.50","v6.7.51","v6.7.52","v6.7.53","v6.7.54","v6.7.55","v6.7.56","v6.7.57","v6.7.58","v6.7.59","v6.7.6","v6.7.60","v6.7.61","v6.7.62","v6.7.63","v6.7.64","v6.7.65","v6.7.66","v6.7.67","v6.7.68","v6.7.69","v6.7.7","v6.7.70","v6.7.71","v6.7.72","v6.7.73","v6.7.74","v6.7.75","v6.7.76","v6.7.77","v6.7.78","v6.7.79","v6.7.8","v6.7.80","v6.7.81","v6.7.82","v6.7.83","v6.7.84","v6.7.85","v6.7.86","v6.7.9","v6.8.1","v6.8.10","v6.8.100","v6.8.101","v6.8.102","v6.8.103","v6.8.104","v6.8.105","v6.8.106","v6.8.107","v6.8.108","v6.8.109","v6.8.11","v6.8.110","v6.8.111","v6.8.112","v6.8.113","v6.8.114","v6.8.115","v6.8.116","v6.8.117","v6.8.118","v6.8.119","v6.8.12","v6.8.120","v6.8.121","v6.8.122","v6.8.123","v6.8.124","v6.8.125","v6.8.126","v6.8.127","v6.8.128","v6.8.129","v6.8.13","v6.8.130","v6.8.131","v6.8.132","v6.8.133","v6.8.134","v6.8.135","v6.8.14","v6.8.15","v6.8.16","v6.8.17","v6.8.18","v6.8.19","v6.8.20","v6.8.21","v6.8.22","v6.8.23","v6.8.24","v6.8.25","v6.8.26","v6.8.27","v6.8.28","v6.8.29","v6.8.3","v6.8.30","v6.8.31","v6.8.32","v6.8.33","v6.8.34","v6.8.35","v6.8.36","v6.8.37","v6.8.38","v6.8.39","v6.8.4","v6.8.40","v6.8.41","v6.8.42","v6.8.43","v6.8.44","v6.8.45","v6.8.46","v6.8.47","v6.8.48","v6.8.49","v6.8.5","v6.8.50","v6.8.52","v6.8.53","v6.8.54","v6.8.55","v6.8.56","v6.8.57","v6.8.58","v6.8.59","v6.8.6","v6.8.60","v6.8.61","v6.8.62","v6.8.63","v6.8.64","v6.8.65","v6.8.66","v6.8.67","v6.8.68","v6.8.69","v6.8.7","v6.8.70","v6.8.71","v6.8.72","v6.8.73","v6.8.74","v6.8.75","v6.8.76","v6.8.77","v6.8.78","v6.8.79","v6.8.8","v6.8.80","v6.8.81","v6.8.82","v6.8.83","v6.8.84","v6.8.85","v6.8.86","v6.8.87","v6.8.88","v6.8.89","v6.8.9","v6.8.90","v6.8.91","v6.8.92","v6.8.93","v6.8.94","v6.8.95","v6.8.96","v6.8.97","v6.8.98","v6.8.99"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63406.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}