7.5
CVE-2025-7962
- EPSS 0.76%
- Veröffentlicht 21.07.2025 17:22:12
- Zuletzt bearbeitet 23.06.2026 12:16:24
- Quelle emo@eclipse.org
- CVE-Watchlists
- Unerledigt
In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eclipse ≫ Jakarta Mail Version < 1.6.8
Eclipse ≫ Jakarta Mail Version >= 2.0.0 < 2.0.2
Eclipse ≫ Angus Mail Version < 2.0.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| emo@eclipse.org | 6 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-147 Improper Neutralization of Input Terminators
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.
https://gitlab.eclipse.org/security/cve-assignement/-/issues/67
http://www.openwall.com/lists/oss-security/2025/09/03/4