Description
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
Published: 2025-06-21
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18797 Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
History

Mon, 23 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 21 Jun 2025 02:00:00 +0000

Type Values Removed Values Added
Description Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
Title Mail-0 Zero Session Hijacking Via Email
Weaknesses CWE-1384
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-06-23T17:41:29.958Z

Reserved: 2025-06-18T03:55:52.035Z

Link: CVE-2025-52557

cve-icon Vulnrichment

Updated: 2025-06-23T17:41:20.499Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-21T02:15:20.107

Modified: 2025-06-23T20:16:21.633

Link: CVE-2025-52557

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses