CVE-2025-65318

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
N/A
Affected
2
PROJECTS

Description

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

bbaboha/CVE-2025-65318-and-CVE-2025-65319
bbaboha/CVE-2025-65318-and-CVE-2025-65319
Insecure attachment handling when using Canary Mail or Blue mail
GitHubGitHub
3
nickvourd/RTI-Toolkit
nickvourd/RTI-Toolkit
Remote Template Injection Toolkit
GitHubGitHub
43