CVE-2025-7962

Summary

In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationJakarta Mail1.6.8unaffected
Eclipse FoundationJakarta Mail2.0.2unaffected

Weaknesses

  • CWE-147: CWE-147 Improper Neutralization of Input Terminators

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References