CVE-2025-13033 (GCVE-0-2025-13033)

Vulnerability from cvelistv5 – Published: 2025-11-14 19:37 – Updated: 2026-05-11 11:26
VLAI?
Title
Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict
Summary
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
Impacted products
Vendor Product Version
nodemailer nodemailer Affected: 0 , < 7.0.7 (semver)
Create a notification for this product.
Red Hat Red Hat Ceph Storage 8.1 Unaffected: 1777566546 , < * (rpm)
    cpe:/a:redhat:ceph_storage:8.1::el9
 Create a notification for this product.
Red Hat Red Hat Developer Hub 1.9 Unaffected: 1772573159 , < * (rpm)
    cpe:/a:redhat:rhdh:1.9::el9
 Create a notification for this product.
Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
 Create a notification for this product.
Date Public ?
2025-10-07 13:42
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-14T20:00:22.140079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-14T20:00:51.936Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/nodemailer/nodemailer",
          "defaultStatus": "unaffected",
          "packageName": "nodemailer",
          "product": "nodemailer",
          "vendor": "nodemailer",
          "versions": [
            {
              "lessThan": "7.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ceph_storage:8.1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhceph/grafana-rhel9",
          "product": "Red Hat Ceph Storage 8.1",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1777566546",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhdh:1.9::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhdh/rhdh-hub-rhel9",
          "product": "Red Hat Developer Hub 1.9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1772573159",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:acm:2"
          ],
          "defaultStatus": "affected",
          "packageName": "rhacm2/acm-grafana-rhel9",
          "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-10-07T13:42:02.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T11:26:36.924Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:15979",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:15979"
        },
        {
          "name": "RHSA-2026:3751",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:3751"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-13033"
        },
        {
          "name": "RHBZ#2402179",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
        },
        {
          "url": "https://github.com/nodemailer/nodemailer"
        },
        {
          "url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
        },
        {
          "url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-07T15:03:14.483Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-10-07T13:42:02.000Z",
          "value": "Made public."
        }
      ],
      "title": "Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently there\u0027s no available mitigation for this flaw."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1286: Improper Validation of Syntactic Correctness of Input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-13033",
    "datePublished": "2025-11-14T19:37:08.224Z",
    "dateReserved": "2025-11-11T16:15:03.749Z",
    "dateUpdated": "2026-05-11T11:26:36.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-13033",
      "date": "2026-05-16",
      "epss": "0.00031",
      "percentile": "0.09055"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13033\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-11-14T20:15:45.957\",\"lastModified\":\"2026-05-11T13:16:10.037\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1286\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15979\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3751\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-13033\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2402179\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/nodemailer/nodemailer\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87\",\"source\":\"secalert@redhat.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13033\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-14T20:00:22.140079Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-14T20:00:42.733Z\"}}], \"cna\": {\"title\": \"Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nodemailer\", \"product\": \"nodemailer\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.0.7\", \"versionType\": \"semver\"}], \"packageName\": \"nodemailer\", \"collectionURL\": \"https://github.com/nodemailer/nodemailer\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:8.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 8.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1777566546\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhceph/grafana-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1772573159\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rhdh/rhdh-hub-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"packageName\": \"rhacm2/acm-grafana-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-07T15:03:14.483Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-10-07T13:42:02.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-10-07T13:42:02.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2026:15979\", \"name\": \"RHSA-2026:15979\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3751\", \"name\": \"RHSA-2026:3751\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-13033\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2402179\", \"name\": \"RHBZ#2402179\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/nodemailer/nodemailer\"}, {\"url\": \"https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626\"}, {\"url\": \"https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Currently there\u0027s no available mitigation for this flaw.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1286\", \"description\": \"Improper Validation of Syntactic Correctness of Input\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-05-11T11:26:36.924Z\"}, \"x_redhatCweChain\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13033\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T11:26:36.924Z\", \"dateReserved\": \"2025-11-11T16:15:03.749Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-11-14T19:37:08.224Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.