Vulnerability Description
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blixhq | Bluemail | <= 1.140.103 |
Related Weaknesses (CWE)
References
- http://blue.comBroken Link
- https://drive.google.com/file/d/1dVzXuHBk3B1DiFpwFYwj2NNjeKGnGSwT/viewExploit
- https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319ExploitThird Party Advisory
- https://github.com/nickvourd/RTI-ToolkitNot Applicable
- https://github.com/rip1s/CVE-2017-11882Not Applicable
- https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319ExploitThird Party Advisory
FAQ
What is CVE-2025-65319?
CVE-2025-65319 is a vulnerability with a CVSS score of 9.1 (CRITICAL). When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file pr...
How severe is CVE-2025-65319?
CVE-2025-65319 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-65319?
Check the references section above for vendor advisories and patch information. Affected products include: Blixhq Bluemail.