debian · CVE-2025-13033

Quick triage

Priority: not yet assigned Published: Updated: Sat, 11 Jul 2026 04:09:25 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-13033 not yet assigned priority: Debian including 1 source packages (node-nodemailer), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.

Description:

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.

cvelogic Threat Intelligence