{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-07T13:42:02Z",
  "bugzilla" : {
    "description" : "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",
    "id" : "2402179",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-1286",
  "details" : [ "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.", "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls." ],
  "statement" : "This vulnerability allows an attacker to force nodemailer to send an email to an attacker-owned email address by leveraging the incorrect handling of quoted local-parts containing the '@' character in the destination email address. When successfully exploited, this vulnerability may allow an attacker to exfiltrate data by misrouting emails to an unintended domain, presenting a high impact on data confidentiality.\nThis vulnerability has been assessed as having a Moderate impact on Red Hat Products by the Red Hat Product Security team. This is because for an attacker successfully exploit this vulnerability, the malicious actor needs to have direct control over the destination email input.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ceph Storage 8.1",
    "release_date" : "2026-05-11T00:00:00Z",
    "advisory" : "RHSA-2026:15979",
    "cpe" : "cpe:/a:redhat:ceph_storage:8.1::el9",
    "package" : "rhceph/grafana-rhel9:1777566546"
  }, {
    "product_name" : "Red Hat Developer Hub 1.9",
    "release_date" : "2026-03-04T00:00:00Z",
    "advisory" : "RHSA-2026:3751",
    "cpe" : "cpe:/a:redhat:rhdh:1.9::el9",
    "package" : "rhdh/rhdh-hub-rhel9:1772573159"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Affected",
    "package_name" : "rhacm2/acm-grafana-rhel9",
    "cpe" : "cpe:/a:redhat:acm:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-13033\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13033\nhttps://github.com/nodemailer/nodemailer\nhttps://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626\nhttps://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87" ],
  "name" : "CVE-2025-13033",
  "mitigation" : {
    "value" : "Currently there's no available mitigation for this flaw.",
    "lang" : "en:us"
  },
  "csaw" : false
}