Skip to main content

Red Hat CVE-2025-15366

MEDIUM
Command Injection (CWE-77)
2026-01-20 cna@python.org
5.9
CVSS 4.0 · Vendor: python
Share

Severity by source

Vendor (python) PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
6.7 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Red Hat
7.1 MEDIUM
qualitative

Primary rating from Vendor (python).

CVSS VectorVendor: python

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

4
CVSS changed
Jul 07, 2026 - 18:22 NVD
5.9 (MEDIUM)
Patch released
Mar 19, 2026 - 11:15 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 20, 2026 - 22:15 nvd
N/A

DescriptionCVE.org

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Analysis

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
Container bci/bci-sle15-kernel-module-devel:15.7-56.13 Container bci/spack:latest Container suse/kea:2.6 Container suse/kiosk/pulseaudio:17.0-68.30 Container suse/ltss/sle15.4/bci-base-fips:15.4.2.55 Container suse/manager/5.0/x86_64/server-migration-14-16:latest Container suse/mariadb:11.8.5-72.5 Container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.3.8.16.1 Container suse/postgres:16.14 Container suse/postgres:17.10 Container suse/postgres:18.3-contrib-65.3 Container suse/samba-client:latest Container suse/samba-server:4.21-71.24 Container suse/samba-toolbox:latest Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.2/toolbox:14.2-7.11.246 Container suse/sle-micro/5.3/toolbox:16.3-6.11.222 Container suse/sle-micro/5.4/toolbox:16.3-5.19.222 Container suse/sle-micro/5.5/toolbox:16.3-3.12.133 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GCE Image server-database-migration-image Affected
Container suse/389-ds:latest Affected
Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.17 Container suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.18 Container suse/manager/4.3/proxy-ssh:4.3.16.2.9.63.12 Container suse/manager/4.3/proxy-tftpd:4.3.16.2.9.63.13 Container suse/manager/5.0/x86_64/proxy-httpd:latest Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/proxy-ssh:latest Container suse/manager/5.0/x86_64/proxy-tftpd:latest Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.3.8.18.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.3.8.16.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.3.8.16.1 Container suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.3.8.16.1 Image SLES15-SP4-CHOST-BYOS-GCE Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Image SLES15-SP5-CHOST-BYOS-GCE Image proxy-httpd-image Image proxy-squid-image Image proxy-ssh-image Image proxy-tftpd-image Affected
Container suse/manager/5.0/x86_64/server:latest Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Azure-LI-BYOS Image SLES15-SP4-SAP-Azure-LI-BYOS-Production Image SLES15-SP4-SAP-Azure-VLI-BYOS Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-GCE Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE Image SLES15-SP4-SAPCAL-GCE Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-GCE Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP5-SAP-BYOS-GCE Image SLES15-SP5-SAP-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Hardened-GCE Image SLES15-SP5-SAPCAL-GCE Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-GCE Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-GCE Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-GCE Image SLES15-SP6-SAPCAL-GCE Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-GCE Image SLES15-SP7-SAPCAL-GCE Affected
Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.3.9.16.1 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP7-EC2-ECS-HVM Image proxy-salt-broker-image Affected

Share

CVE-2025-15366 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy