Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SMTP Injection

šŸ—“ļøĀ 13 Oct 2025Ā 14:35:31Reported byĀ Veracode Vulnerability DatabaseTypeĀ 
veracode
Ā veracodešŸ”—Ā sca.analysiscenter.veracode.comšŸ‘Ā 2Ā Views

Jakarta Mail is vulnerable to Simple Mail Transfer Protocol injection due to CRLF UTF-8 header validation, enabling header forging.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by SMTP injection due to Jakarta Mail
7 Nov 202511:01
ā€“ibm
IBM Security Bulletins		Security Bulletin: IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty (CVE-2025-7962)
7 Jan 202604:07
ā€“ibm
IBM Security Bulletins		Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java (CVE-2025-7962)
17 Dec 202514:30
ā€“ibm
IBM Security Bulletins		Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
17 Nov 202515:12
ā€“ibm
IBM Security Bulletins		Security Bulletin: IBM Engineering Test Management is affected by IBM WebSphere Application Server and Liberty are affected by SMTP injection(CVE-2025-7962)
25 Mar 202612:17
ā€“ibm
IBM Security Bulletins		Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by SMTP injection due to Jakarta Mail
27 Nov 202501:32
ā€“ibm
IBM Security Bulletins		Security Bulletin: A security vulnerability has been identified in WebSphere Application Server and Websphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (GKLM)
14 Nov 202506:20
ā€“ibm
IBM Security Bulletins		Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
17 Nov 202515:14
ā€“ibm
IBM Security Bulletins		Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by an SMTP injection vulnerability caused by Jakarta Mail(CVE-2025-7962)
18 Dec 202502:12
ā€“ibm
IBM Security Bulletins		Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)
2 Dec 202519:10
ā€“ibm
Rows per page
Vulners
Node
eclipseangus-mailRange1.0.0-M1ā€“2.0.3java
OR
sunjakarta.mailRange2.0.0-RC1ā€“2.0.1java
OR
sunjakarta.mailRange1.6.3ā€“1.6.7java
OR
sunjakarta.mailRange2.0.0ā€“2.0.1java
OR
eclipsesmtpRange1.0.0-M1ā€“2.0.3java
OR
eclipsesmtpMatch1.0.0java
OR
eclipsesmtpMatch1.0.0-m1java
OR
eclipsesmtpMatch1.0.0-m2java
OR
eclipsesmtpMatch1.1.0java
OR
eclipsesmtpMatch2.0.0java
OR
eclipsesmtpMatch2.0.1java
OR
eclipsesmtpMatch2.0.2java

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Jun 2026 09:49Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.5
CVSS 46
EPSS0.00054
SSVC
Jakarta Mailinjection vulnerabilitycrlf validationutf eightheader forgingmail commandsmessage splitting
2