
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-1795 is a vulnerability in Python's email header handling functionality discovered in February 2025. The issue occurs during address list folding when a separating comma ends up on a folded line that needs to be unicode-encoded, causing the separator itself to be incorrectly unicode-encoded instead of remaining as a plain comma. This vulnerability affects multiple versions of Python including Python 3.9, 3.11, and 3.12 (Debian Tracker).
The vulnerability stems from incorrect handling of list separators in the email/_header_value_parser module. When a long email address header needs to be folded and contains unicode characters, the comma separator gets incorrectly encoded if it appears at the fold point. The issue has been assigned a CVSS v4.0 score of 2.3 (LOW) with the vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. The vulnerability is classified as CWE-116 (Improper Encoding or Escaping of Output) (NVD, Red Hat).
The vulnerability can result in email address headers being misinterpreted by some mail servers, potentially leading to delivery issues or rejection of emails. The impact is considered low as it requires specific conditions to be exploited and only affects email header processing (Python Security).
Fixes have been released for multiple Python versions. Python 3.13.2-1 and 3.12.9-1 include the fix, while updates are pending for other affected versions. The issue was addressed by modifying the ListSeparator handling in the email/_header_value_parser module to prevent unicode encoding of the separator character (Debian Tracker).
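A self-check for the folding behaviour described above, added here as an example (it is not code from this page or from CPython): it folds a two-address To header with the running interpreter and counts the commas that remain visible as list separators. The addresses, the display name, the swept lengths and both sample headers are constructed, and the count assumes display names that contain no unquoted commas.

```python
import re
from email.message import EmailMessage
from email.policy import SMTP

# RFC 2047 encoded-word (=?charset?B-or-Q?payload?=) and RFC 5322 quoted-string
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
QUOTED_STRING = re.compile(r'"(?:\\.|[^"\\])*"')


def plain_separators(folded: str) -> int:
    """Count the commas a receiving parser still sees as list separators."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", folded)  # undo header folding
    visible = QUOTED_STRING.sub("", ENCODED_WORD.sub("", unfolded))
    return visible.count(",")


def fold_to(value: str) -> str:
    """Fold a To header with the running interpreter (ASCII-only SMTP policy)."""
    msg = EmailMessage(policy=SMTP)
    msg["To"] = value
    return SMTP.fold("To", msg["To"])


def interpreter_keeps_separators() -> bool:
    """Sweep local-part lengths so the comma lands on either side of the fold."""
    for n in range(40, 72):
        # Constructed two-address list; the second display name is non-ASCII.
        value = f'{"x" * n}@example.com, "Zoë Müller" <zoe@example.com>'
        if plain_separators(fold_to(value)) != 1:
            return False
    return True


# Constructed samples (not captured output): separator kept plain vs. encoded.
SAMPLE_OK = ("To: " + "x" * 66 + "@example.com,\r\n"
             " =?utf-8?q?Zo=C3=AB_M=C3=BCller?= <zoe@example.com>\r\n")
SAMPLE_ENCODED = ("To: " + "x" * 66 + "@example.com\r\n"
                  " =?utf-8?q?=2C_Zo=C3=AB_M=C3=BCller?= <zoe@example.com>\r\n")

if __name__ == "__main__":
    print("plain separators kept:", interpreter_keeps_separators())
    print("sample ok:", plain_separators(SAMPLE_OK))
    print("sample encoded:", plain_separators(SAMPLE_ENCODED))
```

The same `plain_separators` count can be applied to headers of outbound mail already generated by an application, where a result lower than the number of recipients minus one indicates a separator that was encoded.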
Source: This report was generated using AI