CVEFinder.io

CVE-2025-14874

⚠️ high
Summary

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

CVSS Score: 7.5 (High)
EPSS Score (Exploit Probability): 0.1
Published Date: 2025-12-18
First Seen: 2026-01-05
Last Modified: 2026-01-08
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)

🔗 References 7

📦 Affected Products 4

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2025-13601 | ⚠️ high | 7.7 | 0.0 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_u... | 2025-11-26 |
| CVE-2025-13033 | ⚠️ high | 7.5 | 0.1 | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient em... | 2025-11-14 |
| CVE-2025-6017 | 🔶 medium | 5.5 | 0.0 | A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2... | 2025-07-02 |
| CVE-2023-48795 | 🔶 medium | 5.9 | 59.0 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot... | 2023-12-18 |
| CVE-2023-44487 | ⚠️ high | 7.5 | 94.4 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many... | 2023-10-10 |
| CVE-2022-3248 | 🔶 medium | 4.4 | 0.1 | A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow ... | 2023-10-05 |

These CVEs affect the same products.