VYPR
High severityOSV Advisory· Published Dec 18, 2025· Updated Jan 8, 2026

Nodemailer: nodemailer: denial of service via crafted email address header

CVE-2025-14874

Description

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nodemailernpm
< 7.0.117.0.11

Affected products

38

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.