CVE-2025-7962: Medium severity Jakarta Mail vulnerability
Published Jul 21, 2025
In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
Affected Software
14 affected components · Fixes available
Jakarta Mail
Eclipse Jakarta Mail < 1.6.8
Eclipse Jakarta Mail >= 2.0.0, < 2.0.2
Eclipse Angus Mail < 2.0.4
IBM Cognos Analytics <= 11.2.0
IBM Cognos Analytics <= 12.0
IBM Cognos Transformer <= 12.0
IBM Cognos Transformer <= 11.2.4
IBM Cognos Transformer <= 12.1.0
IBM Cognos Analytics <= 11.2.0
IBM Cognos Analytics <= 12.1.0
IBM Cognos Analytics <= 12.0
IBM Cognos Transformer <= 11.2.4
IBM Cognos Transformer <= 12.1.0
Event History
Jul 21, 2025
CVE Published via MITRE · 05:22 PM
Data Sourced via MITRE · 05:22 PM (Description, Weakness)
Data Sourced via NVD · 06:15 PM (Description, Severity, Weakness, Affected Software)
May 26, 2026
Data Sourced via IBM · 05:05 PM (Description, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2025-7962?
CVE-2025-7962 has a critical severity rating due to its potential for SMTP Injection attacks.
2. How do I fix CVE-2025-7962?
To mitigate CVE-2025-7962, ensure you validate and sanitize all user inputs for the presence of \r and \n characters before processing SMTP commands.
3. Which versions of Jakarta Mail are affected by CVE-2025-7962?
CVE-2025-7962 affects Jakarta Mail version 2.2 and potentially earlier versions.
4. What are the potential impacts of exploiting CVE-2025-7962?
Exploiting CVE-2025-7962 could allow an attacker to manipulate email messages sent via vulnerable Jakarta Mail systems.
5. Is there a patch available for CVE-2025-7962?
As of now, there is no official patch released for CVE-2025-7962, and users are advised to implement workarounds until a fix is provided.
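The input check described in the FAQ answer on validating \r and \n, as an added example that is not code from this page or from the Jakarta Mail project. The class and method names are hypothetical, the sample inputs are constructed, and the check is meant to run on any caller-supplied value (address, subject, header value) before it is handed to the mail library.

```java
import java.util.List;

// Added illustration: SmtpInputGuard and its members are hypothetical names,
// not Jakarta Mail APIs. No mail library is needed to run this.
public final class SmtpInputGuard {

    /** Raised when a value meant for one SMTP command or header line is unsafe. */
    public static final class UnsafeMailInputException extends IllegalArgumentException {
        UnsafeMailInputException(String field, int index, int codePoint) {
            super(String.format("%s: forbidden character U+%04X at index %d",
                    field, codePoint, index));
        }
    }

    /**
     * Rejects the value instead of stripping characters from it, so a
     * tampered input is surfaced to the caller and never silently "repaired".
     */
    public static String requireSingleLine(String field, String value) {
        if (value == null) {
            throw new IllegalArgumentException(field + ": value is null");
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // CR and LF are the characters named in the advisory. Refusing the
            // other ISO control characters as well is an assumed extra precaution.
            if (c == '\r' || c == '\n' || Character.isISOControl(c)) {
                throw new UnsafeMailInputException(field, i, c);
            }
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed inputs: the second one carries CR LF and a further line.
        List<String> recipients = List.of(
                "alice@example.com",
                "bob@example.com\r\nX-Constructed-Extra-Line: 1");
        for (String recipient : recipients) {
            try {
                requireSingleLine("recipient", recipient);
                System.out.println("accepted: " + recipient);
            } catch (UnsafeMailInputException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```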