Skip to main content

Bluemail

1 CVEs product

Monthly

CVE-2025-65319 CRITICAL POC Act Now

Protection-mechanism bypass in BlueMail 1.140.103 and earlier on Windows lets attackers deliver files that are saved via the attachment-interaction feature without a Mark-of-the-Web (MOTW) tag, defeating Windows SmartScreen, Office Protected View, and third-party security software that rely on the MOTW zone identifier. Publicly available exploit code exists; the flaw is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no confirmed widespread exploitation yet. The practical effect is that a malicious document or executable arriving by email loses the 'downloaded from the Internet' provenance that would normally trigger a warning or block.

Authentication Bypass Microsoft Bluemail
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Protection-mechanism bypass in BlueMail 1.140.103 and earlier on Windows lets attackers deliver files that are saved via the attachment-interaction feature without a Mark-of-the-Web (MOTW) tag, defeating Windows SmartScreen, Office Protected View, and third-party security software that rely on the MOTW zone identifier. Publicly available exploit code exists; the flaw is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no confirmed widespread exploitation yet. The practical effect is that a malicious document or executable arriving by email loses the 'downloaded from the Internet' provenance that would normally trigger a warning or block.

Authentication Bypass Microsoft Bluemail
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy