DEBIAN-CVE-2025-14874

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-14874
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14874.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-14874
Upstream
Published
2025-12-18T09:15:44.870Z
Modified
2026-01-17T05:04:11.629385Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

References

Affected packages

Debian:11 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.17-3
6.6.1-1
6.6.3-1
6.6.5-1
6.7.0-1
6.7.0-2
6.7.1+~6.4.4-1
6.7.2+~6.4.4-1
6.7.3+~6.4.4-1
6.7.4+~6.4.4-1
6.7.5+~6.4.4-1
6.7.6+~6.4.4-1
6.7.7+~6.4.4-1
6.7.8+~6.4.5-1
6.7.8+~6.4.5-2
6.8.0+~6.4.6-1
6.9.4+~6.4.9-1
6.9.4+~6.4.9-2
6.9.4+~6.4.9-3
6.9.4+~6.4.9-4
6.9.13+~6.4.14-1
6.9.15+~6.4.16-1
6.9.16+~6.4.16-1
6.10.0+~6.4.17-1

7.*

7.0.5+~7.0.1-1
7.0.6+~7.0.1-1
7.0.9+~7.0.2-1
7.0.9+~7.0.2-2
7.0.10+~7.0.2-1
7.0.12+~7.0.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14874.json"

Debian:12 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.8.0+~6.4.6-1
6.9.4+~6.4.9-1
6.9.4+~6.4.9-2
6.9.4+~6.4.9-3
6.9.4+~6.4.9-4
6.9.13+~6.4.14-1
6.9.15+~6.4.16-1
6.9.16+~6.4.16-1
6.10.0+~6.4.17-1

7.*

7.0.5+~7.0.1-1
7.0.6+~7.0.1-1
7.0.9+~7.0.2-1
7.0.9+~7.0.2-2
7.0.10+~7.0.2-1
7.0.12+~7.0.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14874.json"

Debian:13 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.10.0+~6.4.17-1
6.10.0+~6.4.17-1+deb13u1

7.*

7.0.5+~7.0.1-1
7.0.6+~7.0.1-1
7.0.9+~7.0.2-1
7.0.9+~7.0.2-2
7.0.10+~7.0.2-1
7.0.12+~7.0.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14874.json"

Debian:14 / node-nodemailer

Package

Name
node-nodemailer
Purl
pkg:deb/debian/node-nodemailer?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.12+~7.0.5-1

Affected versions

6.*

6.10.0+~6.4.17-1

7.*

7.0.5+~7.0.1-1
7.0.6+~7.0.1-1
7.0.9+~7.0.2-1
7.0.9+~7.0.2-2
7.0.10+~7.0.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14874.json"