7.5

CVE-2025-7962

In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EclipseJakarta Mail Version < 1.6.8
EclipseJakarta Mail Version >= 2.0.0 < 2.0.2
EclipseAngus Mail Version < 2.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.76% 0.503
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
emo@eclipse.org 6 0 0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-147 Improper Neutralization of Input Terminators

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.

https://gitlab.eclipse.org/security/cve-assignement/-/issues/67
Third Party Advisory
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/09/03/4
Third Party Advisory
Mailing List