{"id":"CVE-2025-7962","details":"In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \\r and \\n UTF-8 characters to separate different messages.","aliases":["GHSA-9342-92gg-6v29"],"modified":"2026-04-09T11:03:57.383003Z","published":"2025-07-21T18:15:28.820Z","related":["CGA-vgq2-c99p-cfq4","SUSE-SU-2025:03025-1","openSUSE-SU-2025:15378-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2025/09/03/4"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/67"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/angus-mail","events":[{"introduced":"0"},{"fixed":"37c1c6ca1e7bdc1c7be6ed47eb6f1e388d3cbc79"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.4"}]}},{"type":"GIT","repo":"https://github.com/jakartaee/mail-api","events":[{"introduced":"0"},{"fixed":"f31ae63dd08cebebf3b5066b26f471f9c916b0b2"},{"introduced":"1ee316ccf6f27e8bbd8917d81e75f6d462930622"},{"fixed":"5b9aaf8d38960b7a3d1fbb99d554b909c5a8d0e1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.8"},{"introduced":"2.0.0"},{"fixed":"2.0.2"}]}}],"versions":["1.6.4","1.6.5","2.0.1","initial-contribution"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-7962.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}