CVE-2025-14874
7.5HIGHA flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
Published: 12/18/2025Updated: 1/8/2026
Description
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
AI AnalysisPowered by AI
Affected Products
nodemailernodemailer
redhatadvanced_cluster_management_for_kubernetes
2.0
redhatceph_storage
8.0
redhatdeveloper_hub
-
References
- https://access.redhat.com/security/cve/CVE-2025-14874Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418133ExploitIssue TrackingThird Party Advisory
- https://github.com/nodemailer/nodemailerProduct
- https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150Patch
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98vExploitVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418133ExploitIssue TrackingThird Party Advisory
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98vExploitVendor Advisory