Description
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.
Published: 2026-03-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Tabs Mail Carrier 2.5.1 contains a buffer overflow that is triggered by a specially crafted MAIL FROM SMTP command. The vulnerability allows a remote attacker to overwrite the EIP register and execute arbitrary code, effectively granting full control of the system. This weakness is associated with CWE‑787 (Buffer Overflow).

Affected Systems

The affected product is Tabs Mail Carrier, version 2.5.1, distributed by Tabs:Mail Carrier. Only this specific version is mentioned as vulnerable; earlier or later releases are not listed as impacted.

Risk and Exploitability

The CVSS score of 9.3 places the vulnerability in the Critical range, indicating severe potential damage. The EPSS score of less than 1% suggests that exploitation is currently unlikely to be widespread, and the issue is not listed in CISA’s KEV catalog. Attackers can exploit the flaw remotely by connecting to the SMTP service on port 25 from any network source and sending a malicious MAIL FROM command that overflows the buffer.

Generated by OpenCVE AI on March 25, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Tabs Mail Carrier to a version that resolves the buffer overflow in the MAIL FROM handling.
  • If an upgrade is not immediately available, restrict or block external access to the SMTP service on port 25 so only trusted hosts can connect.
  • Monitor SMTP logs for abnormal MAIL FROM commands and promptly block any offending IP addresses.
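One way to implement the log-monitoring action above, as an added example that is not part of the OpenCVE record or any vendor tooling: it flags MAIL FROM commands that break the RFC 5321 size limits or carry bytes outside printable ASCII. The log layout, function names and sample lines are assumptions constructed for illustration.

```python
import re

# RFC 5321 section 4.5.3.1: a path is at most 256 octets, a command line
# at most 512 octets including the trailing CRLF.
MAX_PATH = 256
MAX_COMMAND = 512 - 2

# Assumed (hypothetical) log layout: "<timestamp> <client-ip> <raw command>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$", re.DOTALL)
MAIL_RE = re.compile(r"^MAIL\s+FROM:\s*(.*)$", re.IGNORECASE | re.DOTALL)


def inspect_line(line):
    """Return (client_ip, reasons) for a suspicious MAIL FROM line, else None."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    client, command = m.group(2), m.group(3)
    mail = MAIL_RE.match(command)
    if not mail:
        return None
    arg = mail.group(1)
    path = arg.split(" ", 1)[0]  # reverse-path; ESMTP parameters may follow
    reasons = []
    if len(command.encode("utf-8")) > MAX_COMMAND:
        reasons.append("command exceeds 512 octets")
    if len(path.encode("utf-8")) > MAX_PATH:
        reasons.append("reverse-path exceeds 256 octets")
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in arg):
        reasons.append("non-printable or non-ASCII bytes in argument")
    return (client, reasons) if reasons else None


def suspicious_clients(lines):  # maps client IP -> set of reasons seen
    hits = {}
    for line in lines:
        result = inspect_line(line)
        if result:
            hits.setdefault(result[0], set()).update(result[1])
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "2026-03-25T10:00:01Z 192.0.2.10 MAIL FROM:<alice@example.org> SIZE=1024",
    "2026-03-25T10:00:02Z 192.0.2.10 RCPT TO:<bob@example.net>",
    "2026-03-25T10:00:05Z 198.51.100.7 MAIL FROM:<" + "A" * 600 + ">",
    "2026-03-25T10:00:09Z 203.0.113.4 mail from: <x@example.org\x90\x90>",
]
```

Servers that accept SMTPUTF8 will see legitimate non-ASCII addresses, so treat the last check as a triage signal there rather than a block rule.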

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:tabslab:mailcarrier:2.5.1:*:*:*:*:*:*:*

Wed, 25 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tabslab; Tabslab mailcarrier
Vendors & Products | | Tabslab; Tabslab mailcarrier

Tue, 24 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | | Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.
Title | | Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T13:42:45.517Z

Reserved: 2026-03-24T11:06:47.847Z

Link: CVE-2019-25646

Vulnrichment

Updated: 2026-03-24T13:42:36.252Z

NVD

Status: Analyzed

Published: 2026-03-24T12:16:07.217

Modified: 2026-03-25T21:44:48.847

Link: CVE-2019-25646

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:20:23Z

Weaknesses