CVE-2025-7962
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-11-13
Assigner: Eclipse Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eclipse | jakarta_mail | to 1.6.8 (exc) |
| eclipse | jakarta_mail | From 2.0.0 (inc) to 2.0.2 (exc) |
| eclipse | angus_mail | to 2.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-147 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Jakarta Mail 2.2 allows an attacker to perform SMTP Injection by using the \r and \n UTF-8 characters to separate different messages. This means an attacker can manipulate the SMTP communication by injecting additional SMTP commands or messages.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to manipulate email sending processes, potentially leading to unauthorized email sending, spamming, or bypassing email security controls. This could result in misuse of the mail system and possible delivery of malicious emails.