CVE Catalog
CVE-2025-15366
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk0.36%
28th percentile - higher than 28% of all known CVEs
Summary
The imaplib module in Python allows injection of additional commands via newline characters in a user-supplied command. Mitigation rejects commands containing control characters.
Risk Assessment
An attacker can remotely execute unauthorized IMAP commands, potentially compromising the confidentiality or integrity of the mailbox.
Recommendation
Update Python to a version that mitigates this vulnerability or implement custom filtering of control characters in input passed to imaplib.
Original NVD description (English source)
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

