Vulnerability Description
Mail-0's Zero is an open-source email solution. In version 0.8, an attacker can craft an email that executes JavaScript, leading to session hijacking, because of improper sanitization. This issue has been patched in version 0.81.
Related Weaknesses (CWE)
References
- https://github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342f
- https://github.com/Mail-0/Zero/pull/1386
- https://github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85
FAQ
What is CVE-2025-52557?
CVE-2025-52557 is a documented vulnerability. Mail-0's Zero is an open-source email solution. In version 0.8, an attacker can craft an email that executes JavaScript, leading to session hijacking, because of improper sanitization. This ...
How severe is CVE-2025-52557?
CVSS scoring is not yet available for CVE-2025-52557. Check NVD for updates.
Is there a patch for CVE-2025-52557?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.