CVE-2025-59526
BaseFortify
Publication date: 2025-09-22
Last updated on: 2025-09-22
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eladnava | mailgen | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an HTML injection issue in the Mailgen Node.js package versions prior to 2.0.30. It occurs in the Mailgen.generatePlaintext(email) method when it processes user-generated content without properly sanitizing it. This allows malicious HTML code to be injected into plaintext emails, potentially causing unintended rendering or execution of HTML in email clients. The vulnerability was fixed in version 2.0.30 by improving the HTML tag stripping mechanism. [1, 2]
How can this vulnerability impact me?
If you use Mailgen.generatePlaintext(email) with user-generated content in affected versions, an attacker could inject malicious HTML into plaintext emails. This could lead to unexpected email content rendering or potentially exploit email client vulnerabilities. Although the severity is low, it may affect the integrity and safety of transactional emails sent using Mailgen. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you should check if your project uses the Mailgen package with a version prior to 2.0.30 and if it calls the Mailgen.generatePlaintext(email) method with user-generated content. There are no specific network or system commands provided to detect the vulnerability directly. However, you can inspect your package.json or lock files for the Mailgen version and review your code for usage of generatePlaintext with unsanitized input. [1]
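The lock-file check described above, as an added example (not BaseFortify's or Mailgen's code): it flags every installed copy of mailgen whose version is below the patched 2.0.30. It assumes plain x.y.z version strings and the layout of package-lock.json (the "packages" map of lockfile versions 2 and 3, or the nested "dependencies" tree of version 1); the sample lock data is constructed for the demonstration.

```javascript
// Added example, not Mailgen's or BaseFortify's code.
// CVE-2025-59526 affects mailgen versions prior to 2.0.30 (the page's fix version).
const FIXED_VERSION = '2.0.30';

// Compare two dotted numeric version strings; returns -1, 0 or 1.
// Assumption: versions are plain x.y.z without pre-release suffixes.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isVulnerableMailgenVersion(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk a parsed package-lock.json and return every mailgen install below the fix.
// lockfileVersion 2/3: flat "packages" map keyed by install path.
// lockfileVersion 1: nested "dependencies" tree.
function findVulnerableMailgen(lock) {
  const found = [];

  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    const isMailgen = path === 'node_modules/mailgen' || path.endsWith('/node_modules/mailgen');
    if (isMailgen && pkg.version && isVulnerableMailgenVersion(pkg.version)) {
      found.push({ path, version: pkg.version });
    }
  }

  const walkV1 = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'mailgen' && dep.version && isVulnerableMailgenVersion(dep.version)) {
        found.push({ path, version: dep.version });
      }
      walkV1(dep.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walkV1(lock.dependencies, '');

  return found;
}

// Constructed sample lock data: a direct dependency on 2.0.29 (vulnerable)
// and a nested copy already at 2.0.30 (patched).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/mailgen': { version: '2.0.29' },
    'node_modules/some-lib/node_modules/mailgen': { version: '2.0.30' },
  },
};

// Constructed lockfileVersion 1 sample with the same two installs.
const sampleLockV1 = {
  lockfileVersion: 1,
  dependencies: {
    mailgen: { version: '2.0.29' },
    'some-lib': { version: '3.0.0', dependencies: { mailgen: { version: '2.0.30' } } },
  },
};

// Stand-alone run: report the vulnerable installs in the constructed sample.
for (const hit of findVulnerableMailgen(sampleLock)) {
  console.log(`vulnerable mailgen ${hit.version} at ${hit.path} (fixed in ${FIXED_VERSION})`);
}
```

To check a real project, read its package-lock.json, parse it with JSON.parse and pass the object to findVulnerableMailgen; a non-empty result means an upgrade is due, and the version check alone does not tell you whether generatePlaintext is actually called with user-supplied content, which still needs a code review.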
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Mailgen package to version 2.0.30 or later, where the vulnerability is patched. As a workaround, manually strip all HTML tags from any user-generated content before passing it to Mailgen.generatePlaintext(email). This can be done by applying a robust HTML tag stripping method that handles multiline tags, similar to the updated regular expression in the patch. This prevents malicious HTML injection in plaintext emails. [1, 2]
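The workaround described above, as an added example (not Mailgen's code and not the upstream patch): a naive stripper whose regex cannot cross a line break, a multiline-safe regex of the kind the answer refers to, and a small scanner that goes one step further by also handling a '>' inside a quoted attribute value and HTML comments. The naive regex is a constructed illustration of the bug class, not the exact expression Mailgen used before 2.0.30; the email object shape in deepStripTags is the caller's own data and is assumed to contain only strings, arrays and plain objects.

```javascript
// Added example, not Mailgen's code or its patch.

// Naive stripper: '.' does not match a newline, so a tag broken across lines
// such as "<b\n>" is left in the output.
function stripTagsNaive(text) {
  return text.replace(/<.*?>/g, '');
}

// Multiline-safe regex: [^>] matches newlines, so "<b\n>" is removed.
// Still fooled by a '>' inside a quoted attribute value.
function stripTagsRegexMultiline(text) {
  return text.replace(/<[^>]*>/g, '');
}

// Advance past a tag that starts just after '<'. Quoted attribute values are
// honoured so a '>' inside quotes does not end the tag early. Returns the index
// after the closing '>', or the end of the string for an unterminated tag
// (fail-safe: the unterminated tail is dropped rather than emitted).
function skipTag(text, i) {
  let quote = null;
  while (i < text.length) {
    const ch = text[i];
    if (quote) {
      if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
    } else if (ch === '>') {
      return i + 1;
    }
    i++;
  }
  return i;
}

// Hardened stripper: character-level scan that removes tags (multiline or not),
// HTML comments, and tags with '>' in quoted attributes. A '<' not followed by
// a letter, '/', '!' or '?' is plain text (e.g. "1 < 2") and is kept.
function stripTagsHardened(text) {
  let out = '';
  let i = 0;
  while (i < text.length) {
    const ch = text[i];
    if (ch === '<') {
      if (text.startsWith('<!--', i)) {
        const end = text.indexOf('-->', i + 4);
        i = end === -1 ? text.length : end + 3;
        continue;
      }
      const next = text[i + 1];
      if (next !== undefined && /[A-Za-z\/!?]/.test(next)) {
        i = skipTag(text, i + 1);
        continue;
      }
    }
    out += ch;
    i++;
  }
  return out;
}

// Apply the hardened stripper to every string in an email object (strings,
// arrays and nested objects such as body.intro or body.action.instructions),
// returning a new object so the caller's original is untouched.
function deepStripTags(value) {
  if (typeof value === 'string') return stripTagsHardened(value);
  if (Array.isArray(value)) return value.map(deepStripTags);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = deepStripTags(v);
    return out;
  }
  return value;
}

// Constructed sample: user-supplied content with a tag split across lines.
const untrustedEmail = {
  body: {
    name: 'Jane <b\n>Doe</b>',
    intro: ['Welcome, <i>friend</i>', '1 < 2 still holds'],
  },
};

// Stand-alone run: sanitize before handing the object to generatePlaintext.
const safeEmail = deepStripTags(untrustedEmail);
console.log(JSON.stringify(safeEmail));
// On an affected version, pass safeEmail (not untrustedEmail) to Mailgen.generatePlaintext.
```

The scanner's choice to drop an unterminated tag's tail is deliberate: losing the rest of a user-supplied string is a safer failure than emitting partial markup into a plaintext email. Upgrading to 2.0.30 remains the primary fix; this is the interim measure for code paths that cannot upgrade immediately.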