Unrated severityNVD Advisory· Published Dec 16, 2025· Updated Dec 17, 2025
CVE-2025-65318
CVE-2025-65318
Description
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=5.1.40
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.