Denial of Service Vulnerability in Nodemailer by Nodemailer
CVE-2025-14874

5.3MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Advanced Cluster Management For Kubernetes 2
Red Hat Ceph Storage 8
Red Hat Developer Hub
Vendor
CVE Published:
18 December 2025

What is CVE-2025-14874?

A vulnerability in Nodemailer enables attackers to exploit crafted email address headers, leading to an infinite recursion scenario in the address parser. This can result in Denial of Service conditions, potentially affecting the availability of email services. Security patches should be applied to mitigate this issue.

References

https://access.redhat.com/security/cve/CVE-2025-14874
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2418133
issue-trackingx_refsource_REDHAT
https://github.com/nodemailer/nodemailer

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank uko3211 for reporting this issue.
JSON
.
CVE-2025-14874 : Denial of Service Vulnerability in Nodemailer by Nodemailer