Improper Neutralization of Input Terminators in org.eclipse.angus:angus-mail

CVE-2025-7962

org.eclipse.angus:angus-mail
org.eclipse.angus:jakarta.mail
org.eclipse.angus:smtp

Medium

6/10

Summary

In Jakarta Mail through 2.0.3 it is possible to preform a SMTP Injection by utilizing the"\r" and "\n" UTF-8 characters to separate different messages.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-147 - Improper Neutralization of Input Terminators

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.

References

Advisory
Issue
Issue
Pull request

Advisory Timeline

Published Jul 21, 2025

Improper Neutralization of Input Terminators in org.eclipse.angus:angus-mail

CVE-2025-7962

Summary

CWE-147 - Improper Neutralization of Input Terminators

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS