CVE-2025-1795

{"id": "CVE-2025-1795", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cna@python.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-28T19:15:36.550", "references": [{"url": "https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/issues/100884", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/pull/100885", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/pull/119099", "source": "cna@python.org"}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/", "source": "cna@python.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers."}, {"lang": "es", "value": "Durante el plegado de una lista de direcciones, cuando una coma separadora termina en una l\u00ednea plegada y esa l\u00ednea debe codificarse en Unicode, entonces el separador en s\u00ed tambi\u00e9n se codifica en Unicode. El comportamiento esperado es que la coma separadora siga siendo una coma de plan. Esto puede provocar que algunos servidores de correo interpreten mal el encabezado de la direcci\u00f3n."}], "lastModified": "2025-11-03T21:18:53.080", "sourceIdentifier": "cna@python.org"}