CVE-2025-1795
CVE-2025-1795 is a low-severity vulnerability with a CVSS 4.0 base score of 2.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-116.
Key facts
- Severity: Low (CVSS 4.0 base score 2.3)
- EPSS exploit prediction: 1% (43rd percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-5930
- Weakness: CWE-116
- Published:
- Last modified:
Description
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
Frequently asked questions
- What is CVE-2025-1795?
- During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
- How severe is CVE-2025-1795?
- CVE-2025-1795 has a CVSS 4.0 base score of 2.3, rated low severity.
- Is CVE-2025-1795 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (43rd percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-1795?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-1795 have an EU (EUVD) identifier?
- Yes. CVE-2025-1795 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-5930.
- When was CVE-2025-1795 published?
- CVE-2025-1795 was published on 2025-02-28 and last updated on 2026-06-17.
References
- https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
- https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
- https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
- https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d
- https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090
- https://github.com/python/cpython/issues/100884
- https://github.com/python/cpython/pull/100885
- https://github.com/python/cpython/pull/119099
- https://mail.python.org/archives/list/[email protected]/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
- https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html
Other CWE-116 vulnerabilities
- CVE-2025-55730 — Critical (CVSS 10.0): XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in…
- CVE-2025-55729 — Critical (CVSS 10.0): XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in…
- CVE-2023-47143 — Critical (CVSS 10.0): IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection,…
- CVE-2023-26472 — Critical (CVSS 9.9): XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with…
- CVE-2022-41934 — Critical (CVSS 9.9): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with…
- CVE-2022-36100 — Critical (CVSS 9.9): XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform.…