QwikSec

Security Database

CVE

CWE

Training

CVE-2025-1795

Published: Feb 28, 2025

Modified: Apr 21, 2026

PUBLISHED

Description

During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.10.17` affected `3.11.0 - < 3.11.9` affected `3.12.0 - < 3.12.3` affected `3.13.0a1 - < 3.13.0a5`

References

https://github.com/python/cpython/issues/100884

issue-tracking

https://github.com/python/cpython/pull/100885

patch

https://github.com/python/cpython/pull/119099

patch

https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48

patch

https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593

patch

https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74

patch

https://mail.python.org/archives/list/[email protected]/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/

vendor-advisory

https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d

patch

https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.