CVE Catalog

CVE-2025-15366

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

The imaplib module in Python allows injection of additional commands via newline characters in a user-supplied command. Mitigation rejects commands containing control characters.

Risk Assessment

An attacker can remotely execute unauthorized IMAP commands, potentially compromising the confidentiality or integrity of the mailbox.

Recommendation

Update Python to a version that mitigates this vulnerability or implement custom filtering of control characters in input passed to imaplib.

Original NVD description (English source)

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS