Improper Validation of Syntactic Correctness of Input

CVE-2025-13033

Severity Medium
Score 6.9/10

Summary

The email parsing library incorrectly handles quoted local-parts containing '@' in versions through 7.0.6. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target.
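As an added example (not code from the advisory or from the affected library), the pre-send check below splits an address at its single unquoted '@' and flags any recipient whose quoted local-part itself contains '@', the input shape described above. The function names `splitAddress` and `checkRecipient` and the sample addresses are hypothetical and constructed for illustration.

```javascript
// Added example: defensive recipient check. Names and inputs are constructed.

// Split an address at its one unquoted '@', honouring quoted strings and
// backslash escapes (quoted-pairs) inside them. Returns null if malformed.
function splitAddress(addr) {
  let inQuotes = false;
  let at = -1;
  for (let i = 0; i < addr.length; i++) {
    const ch = addr[i];
    if (inQuotes && ch === '\\') { i++; continue; } // skip the escaped character
    if (ch === '"') { inQuotes = !inQuotes; continue; }
    if (ch === '@' && !inQuotes) {
      if (at !== -1) return null; // more than one unquoted '@'
      at = i;
    }
  }
  // Reject unterminated quotes, an empty local-part, or an empty domain.
  if (inQuotes || at <= 0 || at === addr.length - 1) return null;
  return { local: addr.slice(0, at), domain: addr.slice(at + 1).toLowerCase() };
}

// Decide whether a recipient may be handed to the mail library.
// Addresses with '@' inside the quoted local-part are held back, because a
// parser with this flaw may route them to a domain other than `domain`.
function checkRecipient(addr) {
  const parsed = splitAddress(addr.trim());
  if (!parsed) return { ok: false, reason: 'malformed' };
  if (parsed.local.includes('@')) {
    return { ok: false, reason: 'quoted-local-part-contains-at', domain: parsed.domain };
  }
  return { ok: true, domain: parsed.domain };
}

// Constructed sample recipients.
const samples = [
  'alice@example.com',
  '"user@internal.example"@target.example',
  '"unterminated@example.com',
];
for (const s of samples) {
  console.log(s, '->', JSON.stringify(checkRecipient(s)));
}
```

Running the check before addresses reach the mail library lets flagged recipients be rejected or logged for review instead of being delivered to a domain the sender did not intend.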

CWE-1286 - Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

Advisory Timeline

  • Published