bbaboha/CVE-2025-65318-and-CVE-2025-65319

bbaboha/CVE-2025-65318-and-CVE-2025-65319

Releases0

Stars3

Insecure attachment handling when using Canary Mail or Blue mail

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65318 ↗	Dec 16, 2025Tuesday, 16 December 2025, 16:15	9.1 CRITICAL	—
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
CVE-2025-65319 ↗	Dec 16, 2025Tuesday, 16 December 2025, 16:15	9.1 CRITICAL	—
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.