Vulnerability DatabaseCVE-2025-1795
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-1795
February 28, 2025
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
Related Resources (11)
https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
https://github.com/python/cpython/issues/100884
https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html
https://github.com/python/cpython/pull/100885
https://security-tracker.debian.org/tracker/CVE-2025-1795
https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090
https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
https://github.com/python/cpython/pull/119099
https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
PRESENT
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Improper Encoding or Escaping of Output
CWE-116
EPSS
Base Score:
0.59