CVE-2025-13033

EPSS 0.03%
Veröffentlicht 14.11.2025 19:37:08
Zuletzt bearbeitet 04.03.2026 16:16:24
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellernodemailer

≫

Produkt nodemailer

Default Statusunaffected

Version < 7.0.7

Version 0

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Developer Hub 1.9

Default Statusaffected

Version < *

Version sha256:141aeba778033153ed7005785565c8f3a00f6353be7bb3fd9124d8ad9375d988

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Advanced Cluster Management for Kubernetes 2

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Ceph Storage 8

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://access.redhat.com/security/cve/CVE-2025-13033

https://bugzilla.redhat.com/show_bug.cgi?id=2402179

https://github.com/nodemailer/nodemailer

https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626

https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87

https://access.redhat.com/errata/RHSA-2026:3751

https://nvd.nist.gov/vuln/detail/CVE-2025-13033

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-13033

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-13033

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-13033