Email Spoofing Vulnerability in MDaemon Mail Server
CVE-2025-61084
7.1 HIGH
What is CVE-2025-61084?
MDaemon Mail Server version 23.5.2 fails to properly validate SPF, DKIM, and DMARC records because it incorrectly interprets the From: header in SMTP DATA. An attacker can exploit this weakness by crafting a From: header that embeds multiple invisible Unicode thin spaces, which lets them spoof the email sender while evading existing anti-spoofing measures. As a result, organizations that rely on MDaemon Mail Server for email communication face an increased risk of phishing attacks and identity deception.
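
A defensive check for the header described above, as an added example that is not part of the original advisory or of MDaemon's code: it flags From: headers containing thin spaces (U+2009), generalised to any non-ASCII space or invisible format character, whether sent as raw UTF-8 or inside RFC 2047 encoded-words. The function names and sample messages are constructed for illustration.

```python
import re
import unicodedata
from email.header import decode_header, make_header

ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")

def _decode_word(match):
    # Decode one RFC 2047 encoded-word; keep the raw token if it is malformed.
    try:
        return str(make_header(decode_header(match.group(0))))
    except Exception:
        return match.group(0)

def from_headers(raw_message: bytes):
    """Yield each unfolded, decoded From: header value in the message."""
    head = re.split(rb"\r?\n\r?\n", raw_message, maxsplit=1)[0]
    unfolded = re.sub(rb"\r?\n(?=[ \t])", b"", head)
    for line in unfolded.splitlines():
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"from":
            # Strip only ASCII blanks: str.strip() would silently drop U+2009.
            text = value.decode("utf-8", errors="replace").strip(" \t")
            yield ENCODED_WORD.sub(_decode_word, text)

def invisible_chars(value: str):
    """Return (offset, name) for each non-ASCII space or invisible format char."""
    hits = []
    for i, ch in enumerate(value):
        cat = unicodedata.category(ch)
        if (cat == "Zs" and ch != " ") or cat in ("Cf", "Zl", "Zp"):
            hits.append((i, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return hits

def audit(raw_message: bytes):
    """Return (from_value, hits) for every From: header that needs review."""
    return [(v, h) for v in from_headers(raw_message) if (h := invisible_chars(v))]

# Constructed sample messages; example.com is a placeholder domain.
CLEAN = b"From: Alice <alice@example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
PADDED = "From: Alice\u2009\u2009\u2009<alice@example.com>\r\n\r\nbody\r\n".encode()
ENCODED = b"From: =?utf-8?q?Alice=E2=80=89?= <alice@example.com>\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for sample in (CLEAN, PADDED, ENCODED):
        print(audit(sample) or "no invisible characters in From:")
```

Legitimate display names can contain characters such as U+00A0 or U+3000, so a hit is better routed to quarantine or review than to outright rejection.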
