CVE-2025-52557
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-06-23
Assigner: GitHub, Inc.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1384 | The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52557 is a high-severity vulnerability in version 0.8 of the Mail-0/Zero email client. It occurs because the software improperly sanitizes email content, allowing an attacker to craft an email containing executable JavaScript. When a user opens this malicious email, the JavaScript runs and enables the attacker to hijack the user's session. This vulnerability was fixed in version 0.81 by improving the sanitization process using the DOMPurify library to prevent execution of malicious scripts. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to session hijacking if you open a maliciously crafted email in the affected Mail-0/Zero version 0.8. An attacker can execute JavaScript in your email client context, potentially gaining unauthorized access to your session and sensitive information. This can compromise your account security and privacy. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with confirming whether the Mail-0/Zero email client version 0.8 is in use, since that version is the one vulnerable to malicious emails containing executable JavaScript. Check the installed version of Mail-0/Zero (for example via the package manager or the application info, such as `mail-0 --version`, or by inspecting the installed package version) and monitor for emails with suspicious or embedded JavaScript content. Network monitoring tools can additionally be used to detect suspicious email payloads containing JavaScript, but no specific commands are provided in the resources. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Mail-0/Zero email client from version 0.8 to version 0.81 or later, where the vulnerability has been patched. The patch integrates DOMPurify to sanitize HTML email content, preventing execution of malicious JavaScript. Additionally, disabling automatic features such as the 'Reply All' composer on email thread display can reduce risk. Applying the official hotfix or update from the Mail-0/Zero project repository is recommended to ensure all security improvements and behavioral changes are in place. [1, 2, 3]
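The monitoring step mentioned in the detection answer, as an added example that is not code from the BaseFortify page or the Mail-0/Zero project: a stdlib-only Python check a mail gateway or triage script can run over a raw message to flag HTML parts carrying executable JavaScript (script blocks, inline event handlers, javascript: URLs). The sample message is constructed; the check only detects, and DOMPurify remains the rendering-side fix described above.

```python
# Added example, not code from the BaseFortify page or the Mail-0/Zero project:
# flag HTML email bodies that carry executable JavaScript. Detection only;
# rendering still needs a real sanitiser such as DOMPurify.
import email
from email import policy
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

class ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):  # HTMLParser lower-cases names
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"handler:{name}")
            elif name in URL_ATTRS and value:
                # Browsers drop ASCII whitespace/controls before reading the scheme
                scheme = "".join(c for c in value if ord(c) > 0x20).lower()
                if scheme.startswith("javascript:"):
                    self.findings.append(f"url:{name}")

def find_active_content(html_text):
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

def scan_message(raw_message):
    # Return findings for every text/html part of a raw RFC 822 message
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.extend(find_active_content(part.get_content()))
    return findings

# Constructed sample: benign markup plus three patterns an unsanitised
# renderer would execute (event handler, javascript: URL, script block).
SAMPLE_EMAIL = """\
Subject: constructed sample
Content-Type: text/html; charset=utf-8

<p>Hello</p><img src="x" onerror="alert(1)">
<a href="  JaVaScRiPt:alert(document.cookie)">click</a><script>alert(1)</script>
"""
```

Running `scan_message(SAMPLE_EMAIL)` returns one finding per pattern, in document order, so a gateway can quarantine or annotate the message before a client renders it.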