High severityNVD Advisory· Published Jun 21, 2025· Updated Apr 15, 2026

CVE-2025-52557

Description

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.

Patches

48d1df65b62c

https://github.com/mail-0/zerovia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Mail-0/Zero/commit/48d1df65b62c9c57897b72b241081f447140342fnvd
github.com/Mail-0/Zero/pull/1386nvd
github.com/Mail-0/Zero/security/advisories/GHSA-34gh-g567-hq85nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000