CVE Catalog

CVE-2025-65319

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile - higher than 38% of all known CVEs

Summary

The vulnerability in Blue Mail 1.140.103 and earlier causes documents to be saved to the file system without a Mark-of-the-Web tag when using the attachment interaction functionality. This allows attackers to bypass the built-in file protection mechanisms of Windows OS and third-party software.

Risk Assessment

The organization is at risk of users executing malicious files because the missing Mark-of-the-Web tag bypasses protections like SmartScreen and warnings about opening files from the internet.

Recommendation

Immediately update Blue Mail to a version newer than 1.140.103 where the vulnerability is patched. Until the update, disable the attachment interaction feature or use additional security measures such as antivirus scanning.

Original NVD description (English source)

When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS