When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
References
| Link | Resource |
|---|---|
| http://blue.com | Broken Link |
| https://drive.google.com/file/d/1dVzXuHBk3B1DiFpwFYwj2NNjeKGnGSwT/view | Exploit |
| https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319 | Exploit Third Party Advisory |
| https://github.com/nickvourd/RTI-Toolkit | Not Applicable |
| https://github.com/rip1s/CVE-2017-11882 | Not Applicable |
| https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319 | Exploit Third Party Advisory |
Configurations
History
31 Dec 2025, 00:37
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://blue.com - Broken Link | |
| References | () https://drive.google.com/file/d/1dVzXuHBk3B1DiFpwFYwj2NNjeKGnGSwT/view - Exploit | |
| References | () https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319 - Exploit, Third Party Advisory | |
| References | () https://github.com/nickvourd/RTI-Toolkit - Not Applicable | |
| References | () https://github.com/rip1s/CVE-2017-11882 - Not Applicable | |
| CPE | cpe:2.3:a:blixhq:bluemail:*:*:*:*:*:windows:*:* | |
| First Time |
Blixhq
Blixhq bluemail |
17 Dec 2025, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319 - | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| CWE | CWE-693 |
16 Dec 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-16 16:15
Updated : 2025-12-31 00:37
NVD link : CVE-2025-65319
Mitre link : CVE-2025-65319
CVE.ORG link : CVE-2025-65319
JSON object : View
Products Affected
blixhq
- bluemail
CWE
CWE-693
Protection Mechanism Failure