CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-65318

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.7%

CVSS Severity

CVSS v3 Score 9.1

References

http://canary.com
http://canarymail.com
https://drive.google.com/file/d/14wrTzvcLPfFsWmy-SAtDwwZKKPssBsx5/view
https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319
https://github.com/nickvourd/RTI-Toolkit
https://github.com/bbaboha/CVE-2025-65318-and-CVE-2025-65319

Products affected by CVE-2025-65318

Canarymail » Canary Mail » Version: Any

cpe:2.3:a:canarymail:canary_mail:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-65318

Products

Pricing

Contact Us