CVE-2025-65319
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
The vulnerability in Blue Mail 1.140.103 and earlier causes documents to be saved to the file system without a Mark-of-the-Web tag when using the attachment interaction functionality. This allows attackers to bypass the built-in file protection mechanisms of Windows OS and third-party software.
Risk Assessment
The organization is at risk of users executing malicious files because the missing Mark-of-the-Web tag bypasses protections like SmartScreen and warnings about opening files from the internet.
Recommendation
Immediately update Blue Mail to a version newer than 1.140.103 where the vulnerability is patched. Until the update, disable the attachment interaction feature or use additional security measures such as antivirus scanning.
Original NVD description (English source)
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

