Two high-severity vulnerabilities were disclosed in mail server software that allow unauthenticated remote code execution through crafted SMTP input. CVE-2019-25646 affects Tabs Mail Carrier 2.5.1, where an oversized MAIL FROM parameter triggers a buffer overflow on the SMTP service listening on port 25. The flaw can overwrite the EIP register and enable execution of attacker-controlled payloads, including a bind shell, giving remote attackers a direct path to code execution.
A second flaw, CVE-2025-71275, affects Zimbra Collaboration Suite 8.8.15 in the PostJournal service. In that case, improper sanitization of the SMTP RCPT TO parameter allows command injection via shell expansion syntax, leading to arbitrary command execution under the Zimbra service account. Both issues were classified with high impact across confidentiality, integrity, and availability, underscoring the risk posed by exposed SMTP services that process untrusted sender and recipient fields without adequate bounds checking or input sanitization.
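
As an added example (not code from either vendor or from the CVE entries), the Python check below applies the RFC 5321 section 4.5.3.1 size limits and rejects shell expansion syntax in MAIL FROM and RCPT TO paths before they reach a backend. The function name, the reason strings, the pattern chosen for "shell expansion syntax", and the sample lines are assumptions constructed for illustration.

```python
import re

# Size limits in octets, from RFC 5321 section 4.5.3.1.
MAX_COMMAND_LINE = 512  # whole command line, including CRLF
MAX_PATH = 256          # reverse-path or forward-path, including "<" and ">"
MAX_LOCAL_PART = 64
MAX_DOMAIN = 255

# Assumption: "shell expansion syntax" is read as command substitution and
# parameter expansion, i.e. "$(", "${" and backticks.
SHELL_EXPANSION = re.compile(rb"\$\(|\$\{|`")
ENVELOPE = re.compile(rb"^(MAIL FROM|RCPT TO):\s*(<[^>\r\n]*>)", re.IGNORECASE)


def check_envelope_command(line: bytes) -> list[str]:
    """Return reasons to reject a raw MAIL FROM / RCPT TO line (empty = accept)."""
    reasons = []
    if len(line) > MAX_COMMAND_LINE:
        reasons.append("line-too-long")
    match = ENVELOPE.match(line)
    if match is None:
        return reasons + ["malformed-envelope"]
    path = match.group(2)
    address = path[1:-1]  # strip the angle brackets; b"" is the null reverse-path
    if len(path) > MAX_PATH:
        reasons.append("path-too-long")
    local, at, domain = address.rpartition(b"@")
    if at and len(local) > MAX_LOCAL_PART:
        reasons.append("local-part-too-long")
    if at and len(domain) > MAX_DOMAIN:
        reasons.append("domain-too-long")
    if SHELL_EXPANSION.search(address):
        reasons.append("shell-expansion")
    return reasons


# Constructed sample lines, not captured traffic.
SAMPLES = [
    b"MAIL FROM:<alice@example.test>\r\n",
    b"MAIL FROM:<" + b"A" * 5000 + b"@example.test>\r\n",
    b"RCPT TO:<user$(x)@example.test>\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], check_envelope_command(sample))
```

A check like this belongs at the SMTP boundary (proxy, milter, or policy service) as defense in depth; the affected services still need their own bounds checking and must not pass recipient fields through a shell.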

A CVE entry was recorded for a buffer overflow in Tabs Mail Carrier 2.5.1 triggered by an oversized SMTP MAIL FROM parameter, allowing remote unauthenticated attackers to overwrite EIP and execute arbitrary code. The vulnerability was classified as CWE-787 and marked high severity based on its impact to confidentiality, integrity, and availability.
A CVE entry was received for a command injection vulnerability in Zimbra Collaboration Suite 8.8.15 PostJournal that allows unauthenticated remote code execution via improper sanitization of the SMTP RCPT TO parameter. The entry classified the flaw as CWE-78 and assigned high-severity CVSS scores, with references including VulnCheck, Packet Storm, and Zimbra.