CVE-2025-65319

critical

Description

When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

References

https://github.com/rip1s/CVE-2017-11882

https://github.com/nickvourd/RTI-Toolkit

https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319

https://drive.google.com/file/d/1dVzXuHBk3B1DiFpwFYwj2NNjeKGnGSwT/view

Details

Source: Mitre, NVD

Published: 2025-12-16

Updated: 2026-07-05

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00018