CVE-2025-56425: n/a
An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnector component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated remote attackers to inject arbitrary SMTP commands via crafted input to the /osrest/api/organization/sendmail endpoint.
AI Analysis
Technical Summary
CVE-2025-56425 is a security vulnerability identified in the AppConnector component of the enaio document management system, specifically versions 10.10.0.183 and earlier, 11.0.0.183 and earlier, and 11.10.0.183 and earlier. The vulnerability resides in the /osrest/api/organization/sendmail REST API endpoint, which handles email sending operations. Authenticated remote attackers can exploit this flaw by injecting arbitrary SMTP commands through crafted input sent to this endpoint. This injection capability allows attackers to manipulate the SMTP communication process, potentially enabling unauthorized email relay, spoofing, or spam distribution. Since the attack requires authentication, the threat actor must have valid credentials or have compromised an account with access to the API. No user interaction beyond sending the crafted request is necessary. The vulnerability does not have a CVSS score assigned yet, and no public exploits have been reported. The AppConnector component is integral to enaio’s email integration and workflow automation, making this vulnerability significant for organizations relying on enaio for document and communication management. Exploitation could lead to compromised email integrity, unauthorized dissemination of information, and reputational damage. The lack of patches at the time of disclosure necessitates immediate risk mitigation through access controls and monitoring.
Potential Impact
For European organizations using enaio, this vulnerability poses a significant risk to the confidentiality and integrity of email communications. Attackers with authenticated access could leverage the SMTP command injection to send unauthorized emails, potentially leading to phishing campaigns, spam distribution, or data leakage. This could undermine trust in organizational communications and expose sensitive information. The availability impact is limited but could arise if email systems are abused to the point of blacklisting or service disruption. Given enaio’s use in sectors such as government, legal, and enterprise document management across Europe, the impact could extend to critical workflows and regulatory compliance. Organizations may face reputational damage and operational disruptions if attackers exploit this vulnerability to manipulate email traffic or exfiltrate data. The requirement for authentication reduces the attack surface but does not eliminate risk, especially if credential compromise occurs.
Mitigation Recommendations
1. Apply vendor-provided patches or updates for enaio AppConnector as soon as they become available to address this vulnerability.
2. Restrict access to the /osrest/api/organization/sendmail endpoint by implementing network-level controls such as IP whitelisting and VPN access to limit exposure.
3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise.
4. Monitor email sending logs and SMTP traffic for unusual patterns indicative of abuse or injection attempts.
5. Conduct regular audits of user accounts with access to the AppConnector API and revoke unnecessary privileges.
6. Implement email security solutions such as SPF, DKIM, and DMARC to mitigate the impact of unauthorized email sending and reduce spoofing risks.
7. Educate users and administrators about the risks of credential theft and phishing to prevent initial access by attackers.
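For recommendation 4, one way to screen request bodies sent to /osrest/api/organization/sendmail (in a reverse-proxy hook or over captured request logs) is to flag CR/LF and other control characters, the usual carrier of SMTP command injection. This is an added example, not enaio or vendor code; the JSON field names, the set of multi-line fields and the sample requests are assumptions, because the advisory documents neither the endpoint's schema nor the exact injection vector.

```python
import json
import re

# Assumption: hypothetical names of fields that may legitimately span lines.
MULTILINE_FIELDS = {"body", "text", "html"}
# Any ASCII control character, CR and LF included.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# An SMTP envelope command at the start of a line inside a multi-line field.
ENVELOPE_CMD = re.compile(r"(?:^|[\r\n])[ \t]*(?:MAIL FROM|RCPT TO):", re.I)

# Constructed sample request bodies (not captured traffic).
SAMPLES = [
    '{"to": ["alice@example.org"], "subject": "Q3 report", "body": "Hello,\\nsee attachment."}',
    '{"to": ["alice@example.org\\r\\nRCPT TO:<bob@example.net>"], "subject": "Q3", "body": "Hi"}',
    '{"to": ["alice@example.org"], "subject": "Q3", "body": "Hi\\r\\nMAIL FROM:<x@example.net>"}',
]


def walk(value, path="$", field=""):
    """Yield (json_path, field_name, string) for every string in a JSON value."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from walk(item, f"{path}.{key}", key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from walk(item, f"{path}[{index}]", field)
    elif isinstance(value, str):
        yield path, field, value


def find_smtp_injection(raw_body):
    """Return (json_path, reason) findings for one sendmail request body."""
    try:
        decoded = json.loads(raw_body)
    except ValueError:
        return [("$", "body is not valid JSON")]
    findings = []
    for path, field, text in walk(decoded):
        if field.lower() in MULTILINE_FIELDS:
            if ENVELOPE_CMD.search(text):
                findings.append((path, "SMTP envelope command at start of a line"))
        elif CONTROL.search(text):
            findings.append((path, "control character in single-line field"))
    return findings


if __name__ == "__main__":
    for number, raw in enumerate(SAMPLES, 1):
        print(number, find_smtp_injection(raw) or "clean")
```

Findings are best treated as alerts tied to the authenticated account that sent the request, which also supports the account audits in recommendation 5.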
Affected Countries
Germany, France, Netherlands, Belgium, Austria, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 695fe4612717593a336a1ffc
Added to database: 1/8/2026, 5:07:45 PM
Last enriched: 1/8/2026, 5:24:45 PM
Last updated: 1/10/2026, 10:15:20 PM