CVE-2025-1795: Vulnerability in Python Software Foundation CPython
During address list folding, when a separating comma ends up on a folded line that is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header being misinterpreted by some mail servers.
AI Analysis
Technical Summary
This vulnerability arises during the process of address list folding in CPython's email handling. When a separating comma ends a folded line that is then unicode-encoded, the comma itself is also unicode-encoded, contrary to expected behavior where the comma should remain plain. This can lead to misinterpretation of the address header by some mail servers. The issue is classified under CWE-116 (Improper Encoding or Escaping of Output). The CVSS 4.0 base score is 2.3, reflecting low severity with network attack vector, high attack complexity, and low impact on confidentiality, integrity, and availability.
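A heuristic check for the header shape the advisory describes, added here as an example (not CPython's code or the page's own): it decodes each RFC 2047 encoded-word in a folded address header and flags any whose text begins or ends with a comma, since the list separator should sit outside the encoded-word as a plain comma. The two sample headers are constructed to show both shapes and are not real CPython output.

```python
import base64
import quopri
import re

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")


def decode_encoded_word(charset: str, encoding: str, text: str) -> str:
    """Decode one encoded-word to text; undecodable bytes are replaced."""
    if encoding.lower() == "q":
        # header=True makes quopri treat '_' as a space, as RFC 2047 requires
        raw = quopri.decodestring(text.encode("ascii"), header=True)
    else:
        raw = base64.b64decode(text)
    return raw.decode(charset, errors="replace")


def encoded_separators(header_value: str) -> list[str]:
    """Return the decoded text of every encoded-word that swallowed an
    address-list comma at its start or end. Heuristic: a display name
    itself should never begin or end with a bare comma, so such a comma
    is almost certainly a separator that was wrongly encoded."""
    hits = []
    for match in ENCODED_WORD.finditer(header_value):
        decoded = decode_encoded_word(*match.groups())
        stripped = decoded.strip()
        if stripped.startswith(",") or stripped.endswith(","):
            hits.append(decoded)
    return hits


# Constructed samples (not real CPython output): the same two recipients,
# folded once with the separator kept plain and once with it encoded.
GOOD_HEADER = (
    "=?utf-8?q?J=C3=BCrgen_M=C3=BCller?= <juergen@example.org>,\n"
    " =?utf-8?q?Zo=C3=AB?= <zoe@example.org>"
)
BAD_HEADER = (
    "=?utf-8?q?J=C3=BCrgen_M=C3=BCller?= <juergen@example.org>\n"
    " =?utf-8?q?=2C_Zo=C3=AB?= <zoe@example.org>"
)

if __name__ == "__main__":
    print("good:", encoded_separators(GOOD_HEADER))  # []
    print("bad: ", encoded_separators(BAD_HEADER))   # [', Zoë']
```

Run the check over the folded `To`/`Cc` values your outgoing mail produces on an affected CPython; an empty list means every separator stayed a plain comma.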
Potential Impact
The impact is limited to potential misinterpretation of email address headers by some mail servers due to incorrect encoding of separating commas in folded address lists. This may affect email processing but does not directly compromise system confidentiality, integrity, or availability. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Python Software Foundation advisory for current remediation guidance. Until an official fix is released, users should be aware of this behavior when handling email address headers in affected CPython versions. No specific workaround or temporary fix is provided at this time.
Technical Details
- Data Version: 5.1
- Assigner Short Name: PSF
- Date Reserved: 2025-02-28T18:49:37.957Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6908cdd1bdcf00867c4fc65b
Added to database: 11/3/2025, 3:44:17 PM
Last enriched: 4/22/2026, 5:42:05 AM
Last updated: 5/9/2026, 9:06:35 PM