Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Mail-0
CVE-2025-52557 (GCVE-0-2025-52557)
Vulnerability from cvelistv5 – Published: 2025-06-21 01:42 – Updated: 2025-06-23 17:41
VLAI
Title
Mail-0 Zero Session Hijacking Via Email
Summary
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1384 - Improper Handling of Physical or Environmental Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Mail-0/Zero/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Mail-0/Zero/pull/1386 | x_refsource_MISC |
| https://github.com/Mail-0/Zero/commit/48d1df65b62… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:41:13.338469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:41:29.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zero",
"vendor": "Mail-0",
"versions": [
{
"status": "affected",
"version": "= 0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mail-0\u0027s Zero is an open-source email solution. In version 0.8 it\u0027s possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1384",
"description": "CWE-1384: Improper Handling of Physical or Environmental Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T01:42:23.004Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85"
},
{
"name": "https://github.com/Mail-0/Zero/pull/1386",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mail-0/Zero/pull/1386"
},
{
"name": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f"
}
],
"source": {
"advisory": "GHSA-34gh-g567-hq85",
"discovery": "UNKNOWN"
},
"title": "Mail-0 Zero Session Hijacking Via Email"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52557",
"datePublished": "2025-06-21T01:42:23.004Z",
"dateReserved": "2025-06-18T03:55:52.035Z",
"dateUpdated": "2025-06-23T17:41:29.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52557 (GCVE-0-2025-52557)
Vulnerability from nvd – Published: 2025-06-21 01:42 – Updated: 2025-06-23 17:41
VLAI
Title
Mail-0 Zero Session Hijacking Via Email
Summary
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1384 - Improper Handling of Physical or Environmental Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Mail-0/Zero/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/Mail-0/Zero/pull/1386 | x_refsource_MISC |
| https://github.com/Mail-0/Zero/commit/48d1df65b62… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:41:13.338469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:41:29.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zero",
"vendor": "Mail-0",
"versions": [
{
"status": "affected",
"version": "= 0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mail-0\u0027s Zero is an open-source email solution. In version 0.8 it\u0027s possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1384",
"description": "CWE-1384: Improper Handling of Physical or Environmental Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T01:42:23.004Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85"
},
{
"name": "https://github.com/Mail-0/Zero/pull/1386",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mail-0/Zero/pull/1386"
},
{
"name": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f"
}
],
"source": {
"advisory": "GHSA-34gh-g567-hq85",
"discovery": "UNKNOWN"
},
"title": "Mail-0 Zero Session Hijacking Via Email"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52557",
"datePublished": "2025-06-21T01:42:23.004Z",
"dateReserved": "2025-06-18T03:55:52.035Z",
"dateUpdated": "2025-06-23T17:41:29.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}