CVE-2025-52557

Summary

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.

Affected Software

VendorProductVersion RangeStatus
Mail-0Zero= 0.8affected

Weaknesses

  • CWE-1384: CWE-1384: Improper Handling of Physical or Environmental Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References