CVE-2025-7962

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-7962

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7962.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-7962

Aliases

GHSA-9342-92gg-6v29

Downstream

DEBIAN-CVE-2025-7962

ECHO-fb57-1326-0be8

MINI-337p-94c9-7gvv

MINI-5pfw-hc94-749f

MINI-92fg-4wxx-jvq4

MINI-j3hx-53cj-rvrr

MINI-q6xf-hx77-wg5m

MINI-q9gc-39j2-87r4

MINI-wqwm-6g7c-p7jx

OESA-2025-1987

OESA-2025-1988

OESA-2025-1989

OESA-2025-1990

OESA-2025-1991

SUSE-SU-2025:03025-1

UBUNTU-CVE-2025-7962

openSUSE-SU-2025:15378-1

Related

Published

2025-07-21T18:15:28.820Z

Modified

2026-03-23T05:06:54.566616678Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

References

Affected packages

Git / github.com/eclipse-ee4j/angus-mail

Affected ranges

Type

GIT

Repo

https://github.com/eclipse-ee4j/angus-mail

Events

Introduced

Fixed

37c1c6ca1e7bdc1c7be6ed47eb6f1e388d3cbc79

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/jakartaee/mail-api

Events

Introduced

Fixed

f31ae63dd08cebebf3b5066b26f471f9c916b0b2

Introduced

1ee316ccf6f27e8bbd8917d81e75f6d462930622

Fixed

5b9aaf8d38960b7a3d1fbb99d554b909c5a8d0e1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.8"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.2"
        }
    ]
}

Affected versions

2.*

2.0.2

2.0.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7962.json"