Search criteria
1 vulnerability by Mail-0
CVE-2025-52557 (GCVE-0-2025-52557)
Vulnerability from cvelistv5 – Published: 2025-06-21 01:42 – Updated: 2025-06-23 17:41
VLAI?
Summary
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
Severity ?
CWE
- CWE-1384 - Improper Handling of Physical or Environmental Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:41:13.338469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:41:29.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zero",
"vendor": "Mail-0",
"versions": [
{
"status": "affected",
"version": "= 0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mail-0\u0027s Zero is an open-source email solution. In version 0.8 it\u0027s possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1384",
"description": "CWE-1384: Improper Handling of Physical or Environmental Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T01:42:23.004Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85"
},
{
"name": "https://github.com/Mail-0/Zero/pull/1386",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mail-0/Zero/pull/1386"
},
{
"name": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f"
}
],
"source": {
"advisory": "GHSA-34gh-g567-hq85",
"discovery": "UNKNOWN"
},
"title": "Mail-0 Zero Session Hijacking Via Email"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52557",
"datePublished": "2025-06-21T01:42:23.004Z",
"dateReserved": "2025-06-18T03:55:52.035Z",
"dateUpdated": "2025-06-23T17:41:29.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}