CVE-2025-52557
High
Published: 21 June 2025
Modified: 15 April 2026
KEV Added: —
Patch: —
CVSS Score v4: 8.6
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0036 (58.9th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2025-52557 is a high-severity Improper Handling of Physical or Environmental Conditions (CWE-1384) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 41.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18797
Vulnerability details
Mail-0's Zero is an open-source email solution. In version 0.8, improper sanitization makes it possible for an attacker to craft an email that executes JavaScript, leading to session hijacking. This issue has been patched in version 0.81.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
—
Inferred from references and description; NVD did not file a CPE for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.