FreeBSD : Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines (0be929a5-2e0f-11f1-88c7-00a098b42aeb)

🗓️ 02 Apr 2026 00:00:00Reported by TenableType

FreeBSD Python imaplib allows newline-based command injection via user input on older versions.

Reporter	Title	Published	Views	Family All 374
FreeBSD	Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines	20 Jan 202600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	7 Apr 202616:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	14 Apr 202615:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway for Multiplatforms.	21 May 202614:27	–	ibm
IBM Security Bulletins	Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 2.0.0	20 Apr 202609:57	–	ibm
ATTACKERKB	CVE-2025-15366	20 Jan 202621:40	–	attackerkb
Tenable Nessus	Alibaba Cloud Linux 3 : 0035: python3 (ALINUX3-SA-2026:0035)	13 Feb 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0061: python3.11 (ALINUX3-SA-2026:0061)	24 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : python3 (ALSA-2026:2128)	6 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : python3.12 (ALSA-2026:4165)	11 Mar 202600:00	–	nessus

Source	Link
cveawg	www.cveawg.mitre.org/api/cve/CVE-2025-15366
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2021 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('compat.inc');

if (description)
{
  script_id(304663);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2025-15366");
  script_xref(name:"IAVA", value:"2026-A-0142-S");

  script_name(english:"FreeBSD : Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines (0be929a5-2e0f-11f1-88c7-00a098b42aeb)");

  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a
vulnerability as referenced in the 0be929a5-2e0f-11f1-88c7-00a098b42aeb advisory.

    Python Software Foundation Security Developer reports:
    The imaplib module, when passed a user-controlled command, can have
              additional commands injected using newlines.  Mitigation rejects
              commands containing control characters.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cveawg.mitre.org/api/cve/CVE-2025-15366");
  # https://vuxml.freebsd.org/freebsd/0be929a5-2e0f-11f1-88c7-00a098b42aeb.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a7543324");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:P/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-15366");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python311");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python312");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python313");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python313t");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python314");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python310");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FreeBSD Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


var flag = 0;

var packages = [
];

foreach var package( packages ) {
    if (pkg_test(save_report:TRUE, pkg: package)) flag++;
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : pkg_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

30 Apr 2026 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 45.9

EPSS0.00104

SSVC