CVE-2025-15366

🗓️ 21 Jan 2026 15:10:15Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 1 Views

Flaw in Python imaplib allows IMAP command injection via newline characters in user input.

Reporter	Title	Published	Views	Family All 377
FreeBSD	Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines	20 Jan 202600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	7 Apr 202616:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	14 Apr 202615:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway for Multiplatforms.	21 May 202614:27	–	ibm
IBM Security Bulletins	Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 2.0.0	20 Apr 202609:57	–	ibm
ATTACKERKB	CVE-2025-15366	20 Jan 202621:40	–	attackerkb
Tenable Nessus	Alibaba Cloud Linux 3 : 0035: python3 (ALINUX3-SA-2026:0035)	13 Feb 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0061: python3.11 (ALINUX3-SA-2026:0061)	24 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : python3 (ALSA-2026:2128)	6 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : python3.12 (ALSA-2026:4165)	11 Mar 202600:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-15366
github	www.github.com/python/cpython/issues/143921
github	www.github.com/python/cpython/pull/143922
mail	www.mail.python.org/archives/list/[email protected]/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

05 Feb 2026 15:48Current

5.4Medium risk

Vulners AI Score5.4

CVSS 45.9

CVSS 3.17.1

EPSS0.00104

SSVC

imap protocol command injection input validation newline characters python standard library mitigation