- Description: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.
- Source: security-advisories@github.com
- NVD status: Received
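The description above turns on expanding `uid-set` ranges with `Range#to_a` without a size check. The following Ruby sketch is an added example, not net-imap's parser and not the fix shipped in the patched versions; it shows the unbounded pattern next to a variant that computes the expanded size arithmetically and refuses to allocate past a limit. `MAX_EXPANDED`, `UidSetTooLarge` and all method names are assumptions made for illustration.

```ruby
# Added example, not net-imap's code. MAX_EXPANDED is an assumed limit.
MAX_EXPANDED = 10_000
UINT32_MAX   = 0xFFFF_FFFF
UID_ELEMENT  = /\A([1-9]\d{0,9})(?::([1-9]\d{0,9}))?\z/

class UidSetTooLarge < StandardError; end

# Parse "1:3,7,12:10" into Integer ranges without materializing any members.
def parse_uid_ranges(str)
  raise ArgumentError, "empty uid-set" if str.empty?
  str.split(",", -1).map do |part|
    m = UID_ELEMENT.match(part) or
      raise ArgumentError, "malformed uid-set element: #{part.inspect}"
    lo = m[1].to_i
    hi = m[2] ? m[2].to_i : lo
    raise ArgumentError, "uid exceeds 32 bits" if [lo, hi].max > UINT32_MAX
    lo, hi = hi, lo if lo > hi # a uid-range may be written high:low
    lo..hi
  end
end

# Number of integers the set would expand to, computed arithmetically.
def expanded_size(ranges)
  ranges.sum { |r| r.end - r.begin + 1 }
end

# Unbounded pattern from the description: memory grows with range width.
def naive_expand(str)
  parse_uid_ranges(str).flat_map(&:to_a)
end

# Bounded variant: check the cost first, expand only when it is affordable.
def bounded_expand(str, max: MAX_EXPANDED)
  ranges = parse_uid_ranges(str)
  total  = expanded_size(ranges)
  if total > max
    raise UidSetTooLarge, "uid-set expands to #{total} entries (limit #{max})"
  end
  ranges.flat_map(&:to_a)
end

# Constructed inputs: a small set, and one 12-byte set covering the UID space.
p bounded_expand("1:3,7,12:10")
begin
  bounded_expand("1:4294967295")
rescue UidSetTooLarge => e
  puts "rejected: #{e.message}"
end
```

The size check costs one subtraction per range, so the decision to reject is made before any array proportional to the range width is allocated.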
CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Severity: MEDIUM
- security-advisories@github.com
- CWE-400
🚨 CVE-2025-25186 🟠 MEDIUM (6.5) 🏢 ruby - net-imap 🏗️ >= 0.3.2, < 0.3.8 🔗 https://t.co/gYvyh6jHvf 🔗 https://t.co/5qHazmjmid 🔗 https://t.co/1sbSZLlDNG 🔗 https://t.co/Z998xNDkug #CyberCron #VulnAlert https://t.co/xFYabsfVGp
@cybercronai
13 Feb 2025
Ruby: CVE-2025-25186: DoS vulnerability in net-imap https://t.co/bVVW8SvxJZ #rubylang #devtalk
@dev_talk
11 Feb 2025
🚨 Lambda Watchdog detected a new MEDIUM severity CVE 🚨 CVE-2025-25186 was detected in the latest AWS Lambda image scan affecting the net-imap package in 3 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless
@LambdaWatchdog
11 Feb 2025
🚨 CVE-2025-25186 🟠 MEDIUM (6.5) 🏢 ruby - net-imap 🏗️ >= 0.3.2, < 0.3.8 🔗 https://t.co/gYvyh6jHvf 🔗 https://t.co/5qHazmjmid 🔗 https://t.co/1sbSZLlDNG 🔗 https://t.co/Z998xNDkug #CyberCron #VulnAlert https://t.co/YEf5OMGD9d
@cybercronai
10 Feb 2025
CVE-2025-25186 Denial of Service via Memory Exhaustion in Ruby Net::IMAP Client Library https://t.co/hqCFJo7gK3
@VulmonFeeds
10 Feb 2025
CVE-2025-25186 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, t… https://t.co/Jyg3HIH9lW
@CVEnew
10 Feb 2025