CVE-2025-52557

Published: Jun 21, 2025

Modified: Jun 23, 2025

PUBLISHED

Description

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.

Vendor	Product	Versions
Mail-0	Zero	affected `= 0.8`

Weaknesses (CWE)

CWE-1384

References

https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85

x_refsource_CONFIRM

https://github.com/Mail-0/Zero/pull/1386

x_refsource_MISC

https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52557

Description

Affected Products

Weaknesses (CWE)

References