CVE-2025-7962: Jakarta Mail vulnerable to SMTP Injection
(updated )
In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
References
- github.com/advisories/GHSA-9342-92gg-6v29
- github.com/eclipse-ee4j/angus-mail
- github.com/eclipse-ee4j/angus-mail/commit/269099b652a0a5c2fa140f1296a18f0fbbea0d44
- gitlab.eclipse.org/security/cve-assignement/-/issues/67
- gitlab.eclipse.org/security/vulnerability-reports/-/issues/290
- nvd.nist.gov/vuln/detail/CVE-2025-7962
Code Behaviors & Features
Detect and mitigate CVE-2025-7962 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →