Search for vulnerabilities
Vulnerability details: VCID-98vs-c7n6-t3a9
Vulnerability ID VCID-98vs-c7n6-t3a9
Aliases CVE-2024-49394
Summary In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-347 Improper Verification of Cryptographic Signature
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json
cvssv3.1 5.3 https://access.redhat.com/security/cve/CVE-2024-49394
ssvc Track https://access.redhat.com/security/cve/CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
epss 0.00074 https://api.first.org/data/v1/epss?cve=CVE-2024-49394
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=2325330
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2325330
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-49394
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json
https://api.first.org/data/v1/epss?cve=CVE-2024-49394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49394
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:*
cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2024-49394 https://access.redhat.com/security/cve/CVE-2024-49394
CVE-2024-49394 https://nvd.nist.gov/vuln/detail/CVE-2024-49394
show_bug.cgi?id=2325330 https://bugzilla.redhat.com/show_bug.cgi?id=2325330
USN-7204-1 https://usn.ubuntu.com/7204-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2024-49394
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:24:55Z/ Found at https://access.redhat.com/security/cve/CVE-2024-49394
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2325330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:24:55Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2325330
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-49394
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.16135
EPSS Score 0.00052
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:48:39.606172+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7204-1/ 37.0.0