As part of my research into Gadget Chains and PHP Object Injection, I discovered an exploitable vulnerability in b1gMail.
The maintainer was very responsive to the report and addressed the issue quickly. Thanks!
https://github.com/b1gMail-OSS/b1gMail/releases/tag/7.4.1-pl2
Details of the report:
https://gist.github.com/mcdruid/cb0b848c12fd6a6bc0c1b3357b983d30
This vulnerability was assigned CVE-2025-1741.