How severe is CVE-2025-14874?

CVE-2025-14874 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-14874

7.5HIGH

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

Опубликовано: 12/18/2025Обновлено: 1/8/2026

Описание

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

ИИ-АнализНа базе ИИ

Затронутые продукты

nodemailernodemailer

redhatadvanced_cluster_management_for_kubernetes

2.0

redhatceph_storage

8.0

redhatdeveloper_hub

Ссылки

https://access.redhat.com/security/cve/CVE-2025-14874
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2418133
ExploitIssue TrackingThird Party Advisory
https://github.com/nodemailer/nodemailer
Product
https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
Patch
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
ExploitVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2418133
ExploitIssue TrackingThird Party Advisory
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
ExploitVendor Advisory