VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-w2tb-3y5k-4kf7

Essentials
Severities (91)
References (14)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-w2tb-3y5k-4kf7
Aliases	CVE-2025-1795
Summary	python: Mishandling of comma during folding and unicode-encoding of email headers
Status	Published
Exploitability	0.5
Weighted Severity	2.8
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-168

Improper Handling of Inconsistent Special Elements

System	Score	Found at
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1795.json
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00144	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2025-1795
cvssv3.1	3.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4	2.3	https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
ssvc	Track	https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
cvssv4	2.3	https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
ssvc	Track	https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
cvssv4	2.3	https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
ssvc	Track	https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
cvssv4	2.3	https://github.com/python/cpython/issues/100884
ssvc	Track	https://github.com/python/cpython/issues/100884
cvssv4	2.3	https://github.com/python/cpython/pull/100885
ssvc	Track	https://github.com/python/cpython/pull/100885
cvssv4	2.3	https://github.com/python/cpython/pull/119099
ssvc	Track	https://github.com/python/cpython/pull/119099
cvssv4	2.3	https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
ssvc	Track	https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1795.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-1795
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1795
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
09fab93c3d857496c0bd162797fab816c311ee48		https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
100884		https://github.com/python/cpython/issues/100884
100885		https://github.com/python/cpython/pull/100885
119099		https://github.com/python/cpython/pull/119099
2349061		https://bugzilla.redhat.com/show_bug.cgi?id=2349061
70754d21c288535e86070ca7a6e90dcb670b8593		https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
9148b77e0af91cdacaa7fe3dfac09635c3fe9a74		https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
CVE-2025-1795		https://nvd.nist.gov/vuln/detail/CVE-2025-1795
MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR		https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
USN-7570-1		https://usn.ubuntu.com/7570-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1795.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/issues/100884

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://github.com/python/cpython/issues/100884

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/pull/100885

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://github.com/python/cpython/pull/100885

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/pull/119099

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://github.com/python/cpython/pull/119099

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:30:47Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/

Exploit Prediction Scoring System (EPSS)

Percentile	0.11717
EPSS Score	0.00069
Published At	March 29, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-03-28T05:42:04.686075+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1795.json	36.0.0