CVE-2025-65318
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
A vulnerability in Canary Mail 5.1.40 and earlier causes documents to be saved without a Mark-of-the-Web tag when using the attachment interaction functionality. This allows attackers to bypass built-in file protection mechanisms of Windows OS and third-party software.
Risk Assessment
The organization is at risk of executing malicious attachments without warning, potentially leading to malware infection, data leakage, or system compromise.
Recommendation
Immediately update Canary Mail to a version newer than 5.1.40. Until the update is applied, block attachments or use an alternative email client.
Original NVD description (English source)
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

