CVE-2025-7962: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-7962 is a vulnerability discovered in Jakarta Mail 2.0.2 that allows SMTP injection attacks. The vulnerability was disclosed on July 21, 2025, and affects the Jakarta Mail component. The issue enables attackers to perform SMTP injection by exploiting the improper handling of \r and \n UTF-8 characters to separate different messages (NVD, Eclipse Issue).

The vulnerability is classified as CWE-147 (Improper Neutralization of Input Terminators) and has received a CVSS v4.0 Base Score of 6.0 (Medium) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N. The technical nature of the vulnerability involves the improper handling of UTF-8 characters (\r and \n) which can be exploited to inject and separate SMTP messages (Eclipse Issue).

The vulnerability primarily affects the integrity of the system with high impact (VI:H) and has some system scope impact (SI:L) according to the CVSS scoring. The attack requires network access (AV:N) and low privileges (PR:L), though it has high attack complexity (AC:H) (Eclipse Issue).

The vulnerability affects Jakarta Mail version 2.0.2 and earlier versions. Multiple Linux distributions including Debian have marked this as a vulnerability in their package repositories. Users should monitor for updates from their vendors and apply patches when available (Debian Tracker).