mailcow: dockerized
cpe:2.3:a:mailcow:mailcow:_dockerized:*:*:*:*:*:*:*
- < 2025-01a
A vulnerability exists in mailcow: dockerized versions prior to 2025-01a that allows attackers to abuse the password reset feature. Because the reset link is built from the Host HTTP header of the request, an attacker who supplies a forged Host header can cause the password reset link to point at an attacker-controlled domain. If a user clicks this link, it could result in unauthorized account access. Mailcow version 2025-01a has addressed this vulnerability. As a temporary measure, users can disable the password reset feature by removing the 'Notification email sender' and 'Notification email subject' under System -> Configuration -> Options -> Password Settings.
Exploitation of this vulnerability could lead to unauthorized account access.
Users can update to mailcow version 2025-01a or deactivate the password reset functionality by clearing 'Notification email sender' and 'Notification email subject' under System -> Configuration -> Options -> Password Settings.
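The flaw described above is the classic password-reset poisoning pattern. The following is an added illustration (not mailcow's own code): a reset-link builder that trusts the request's Host header, its hardened counterpart that always uses a configured hostname and refuses off-list Host values, and a small detector that flags reset requests carrying an unexpected Host. The hostname, reset path and log format are constructed for this example.

```python
from urllib.parse import urlencode, urlsplit

# Assumption: the canonical hostname comes from deployment configuration
# (constructed value for this example; not read from mailcow's own config).
CONFIGURED_HOSTNAME = "mail.example.org"
RESET_PATH = "/reset-password"  # hypothetical path, illustrative only

def build_reset_link_unsafe(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link host is copied from the request's Host
    header, so a forged Host ends up in the e-mail the victim receives."""
    host = headers.get("Host", CONFIGURED_HOSTNAME)
    return f"https://{host}{RESET_PATH}?{urlencode({'token': token})}"

def host_matches(headers: dict, allowed=(CONFIGURED_HOSTNAME,)) -> bool:
    """Compare the Host header (port stripped, case-folded) with the allow-list."""
    hostname = urlsplit("//" + headers.get("Host", "")).hostname
    return hostname is not None and hostname in allowed

def build_reset_link_safe(headers: dict, token: str) -> str:
    """Hardened: the link host always comes from configuration, and a request
    whose Host header is not on the allow-list is refused outright."""
    if not host_matches(headers):
        raise ValueError(f"unexpected Host header: {headers.get('Host')!r}")
    return f"https://{CONFIGURED_HOSTNAME}{RESET_PATH}?{urlencode({'token': token})}"

def suspicious_reset_requests(log_lines, allowed=(CONFIGURED_HOSTNAME,)):
    """Detection: flag password-reset requests whose Host header is off-list.
    Log format (constructed for this example): '<client_ip> <host> <path>'."""
    hits = []
    for line in log_lines:
        client, host, path = line.split()
        if path.startswith(RESET_PATH) and not host_matches({"Host": host}, allowed):
            hits.append((client, host))
    return hits

# Constructed sample log lines for the detector.
SAMPLE_LOG = [
    "203.0.113.5 mail.example.org /reset-password",
    "203.0.113.9 attacker.example /reset-password",
    "203.0.113.9 attacker.example /",
    "198.51.100.2 MAIL.EXAMPLE.ORG:443 /reset-password",
]

if __name__ == "__main__":
    print(build_reset_link_unsafe({"Host": "attacker.example"}, "t1"))
    print(build_reset_link_safe({"Host": "mail.example.org:443"}, "t1"))
    print(suspicious_reset_requests(SAMPLE_LOG))
```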