Vulnerability Description
When Python's email package folds (line-wraps per RFC 5322) a header whose parenthesized comment is too long for one line and contains only characters it cannot fold at, the enclosing parentheses are not preserved in the folded output. Where an application builds addresses from user-controlled, unsanitized input, this can be used to inject additional headers into the messages it generates.
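The following is an added example, not code from CPython or from this advisory: it folds a header through email.policy.default and audits the result for the two things a practitioner would want to verify after the behaviour described above, that the comment's parentheses survive and that no physical line of the folded header could be read as a separate header field. The header values and the sample folded strings are constructed here for illustration; whether the long-comment case passes depends on whether the interpreter carries the fix.

```python
"""Audit email header folding for the failure CVE-2025-11468 describes.

Added example; this is not CPython's own code or test suite.  All header
values below are constructed for illustration.
"""
import email
from email import policy

# Constructed input: an address followed by a comment that contains no
# whitespace and is longer than one 78-column line, which is what a
# user-supplied, unsanitised "name" field can turn into.
UNFOLDABLE_COMMENT = "(" + "x" * 100 + ")"
ADDRESS_WITH_COMMENT = "user@example.invalid " + UNFOLDABLE_COMMENT


def fold_header(name, value, max_line_length=78):
    """Fold one header the way email.policy.default does at serialisation time."""
    pol = policy.default.clone(max_line_length=max_line_length)
    return pol.fold(name, value)


def audit_folded_header(folded, original_value):
    """Return a report on a folded header string.

    parens_preserved : the folded text has as many '(' and ')' as the input
    bare_lines       : physical lines after the first that do not start with
                       WSP; RFC 5322 section 2.2.3 requires continuation lines
                       to, and a line that does not is parsed as another field
    header_names     : field names a parser sees when the folded text is read
                       back; anything beyond the original name is an injected
                       header
    """
    text = folded.replace("\r\n", "\n").rstrip("\n")
    lines = text.split("\n")
    bare_lines = [ln for ln in lines[1:] if ln[:1] not in (" ", "\t")]
    # Re-parse the folded header as a complete, body-less message and see
    # which header fields the stdlib parser recognises.
    msg = email.message_from_string(text + "\n\n", policy=policy.default)
    return {
        "parens_preserved": (text.count("(") == original_value.count("(")
                             and text.count(")") == original_value.count(")")),
        "bare_lines": bare_lines,
        "header_names": list(msg.keys()),
    }


def header_is_safe(report, expected_name):
    """True when the report shows no injection and the comment survived intact."""
    return (report["parens_preserved"]
            and not report["bare_lines"]
            and report["header_names"] == [expected_name])


if __name__ == "__main__":
    folded = fold_header("To", ADDRESS_WITH_COMMENT)
    print(folded)
    report = audit_folded_header(folded, ADDRESS_WITH_COMMENT)
    print(report)
    print("safe" if header_is_safe(report, "To")
          else "UNSAFE: upgrade, or validate the comment before folding")
```

Run the module directly to see how the installed interpreter folds the 100-character comment; on an unpatched build the parentheses count will not match the input. A short comment does not go through the refolding path at all (the value fits on one line), so it passes on every version, which is why an application-level pre-check on the length and character set of user-supplied comment text is a reasonable mitigation until the runtime is upgraded.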
Related Weaknesses (CWE)
References
- https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f81809
- https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a
- https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb
- https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b6
- https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad
- https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e8779
- https://github.com/python/cpython/issues/143935
- https://github.com/python/cpython/pull/143936
- https://mail.python.org/archives/list/[email protected]/thread/FELSEO
FAQ
What is CVE-2025-11468?
CVE-2025-11468 is a vulnerability in Python's email package: when folding a long header comment that contains only unfoldable characters, the enclosing parentheses are not preserved, which can allow header injection where addresses are built from user-controlled, unsanitized input.
How severe is CVE-2025-11468?
CVSS scoring is not yet available for CVE-2025-11468. Check NVD for updates.
Is there a patch for CVE-2025-11468?
The references above link the CPython fix commits, the tracking issue (python/cpython#143935), the pull request (#143936) and the announcement thread on mail.python.org. Upgrade to a CPython release that includes those commits; until then, validate or reject user-supplied text that ends up in address comments before the message is serialized.