VYPR
High severityOSV Advisory· Published Jun 21, 2025· Updated Apr 15, 2026

CVE-2025-52557

CVE-2025-52557

Description

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mail 0/ZeroOSV2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 0.8 before 0.81

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.