CVE-2025-13033

EPSS 0.03%
Veröffentlicht 14.11.2025 19:37:08
Zuletzt bearbeitet 11.05.2026 13:16:10
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

CNA 4 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellernodemailer

≫

Produkt nodemailer

Default Statusunaffected

Version 0

Version < 7.0.7

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Developer Hub 1.9

Default Statusaffected

Version sha256:141aeba778033153ed7005785565c8f3a00f6353be7bb3fd9124d8ad9375d988

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Advanced Cluster Management for Kubernetes 2

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Ceph Storage 8

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://access.redhat.com/security/cve/CVE-2025-13033

https://bugzilla.redhat.com/show_bug.cgi?id=2402179

https://github.com/nodemailer/nodemailer

https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626

https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87

https://access.redhat.com/errata/RHSA-2026:3751

https://access.redhat.com/errata/RHSA-2026:15979

https://nvd.nist.gov/vuln/detail/CVE-2025-13033

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13033

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13033

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13033