CVE-2025-61962

5.9 MEDIUM

📋 TL;DR

A vulnerability in fetchmail's SMTP client can cause a crash when processing malformed authentication responses with a 334 status code. This affects systems running fetchmail versions before 6.5.6 that use SMTP authentication. The impact is limited to denial of service through application crashes.

💻 Affected Systems

Products:
  • fetchmail
Versions: All versions before 6.5.6
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ✅ No
Notes: fetchmail is only affected when it is configured to authenticate to the SMTP server it forwards mail to. Deployments that retrieve mail over POP3/IMAP and deliver it without SMTP, or over SMTP without authentication, are not affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Fetchmail crashes repeatedly, disrupting email retrieval services and potentially causing mail queue buildup or service unavailability.

🟠 Likely Case

Intermittent fetchmail crashes when connecting to SMTP servers that send malformed authentication responses, requiring manual restart of fetchmail processes.

🟢 If Mitigated

With proper monitoring and automatic restart mechanisms, impact is limited to brief service interruptions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send malformed SMTP authentication responses to fetchmail, typically requiring control of the SMTP server or man-in-the-middle position.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.5.6

Vendor Advisory: https://www.fetchmail.info/fetchmail-SA-2025-01.txt

Restart Required: Yes

Instructions:

  1. Download fetchmail 6.5.6 from official sources.
  2. Compile and install following standard procedures.
  3. Restart the fetchmail daemon or services.
  4. Verify the version with 'fetchmail --version'.

🔧 Temporary Workarounds

Disable SMTP authentication (platform: linux)

Configure fetchmail to use POP3/IMAP without SMTP authentication if possible. Edit fetchmailrc to remove the SMTP authentication options.

Use alternative mail retrieval (platform: all)

Temporarily use different mail retrieval software while patching.

🧯 If You Can't Patch

  • Implement monitoring and automatic restart for fetchmail processes
  • Restrict network access to trusted SMTP servers only

🔍 How to Verify

Check if Vulnerable:

Run 'fetchmail --version' and check whether the version is below 6.5.6

Check Version:

fetchmail --version | head -1

Verify Fix Applied:

Run 'fetchmail --version' and confirm that the version is 6.5.6 or higher
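The version check above, written out as an added example that is not from this advisory or the fetchmail project: a POSIX sh script that parses the first line of 'fetchmail --version', compares the release number against 6.5.6 component by component (so 6.4.37 is correctly ranked below 6.5.6, and 6.5.10 above it), and also looks at the rc file for ESMTP AUTH credentials, since the advisory says only SMTP-authenticating configurations are affected. It assumes the version line reads 'This is fetchmail release X.Y.Z...' and that ESMTP AUTH is configured with the esmtpname / esmtppassword keywords; the sample rc file it creates is constructed for its own self-check.

```shell
#!/bin/sh
# Added example (not from the advisory or the fetchmail project).
# Assumptions: the first line of `fetchmail --version` reads
# "This is fetchmail release X.Y.Z..." and ESMTP AUTH credentials are set in
# the rc file with the esmtpname / esmtppassword keywords.

FIXED_VERSION="6.5.6"

# version_lt A B -> exit 0 when dotted version A is older than B.
# Components are compared numerically, left to right; a missing component
# counts as 0; any non-digit suffix on a component is ignored (pre-release
# tags are not ranked).
version_lt() {
    i=1
    while [ "$i" -le 4 ]; do
        ca=$(printf '%s' "$1" | awk -F. -v f="$i" '{ print $f }' | sed 's/[^0-9].*$//')
        cb=$(printf '%s' "$2" | awk -F. -v f="$i" '{ print $f }' | sed 's/[^0-9].*$//')
        ca=${ca:-0}
        cb=${cb:-0}
        if [ "$ca" -lt "$cb" ]; then return 0; fi
        if [ "$ca" -gt "$cb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # all components equal
}

# parse_fetchmail_version LINE -> print the release number found in LINE
# (the first line of `fetchmail --version`), or nothing if none is found.
parse_fetchmail_version() {
    printf '%s\n' "$1" | sed -n 's/.*release \([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# fetchmail_is_vulnerable VERSION -> exit 0 when VERSION is below 6.5.6.
fetchmail_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# rc_uses_smtp_auth FILE -> exit 0 when the rc file sets ESMTP AUTH
# credentials (text after '#' is treated as a comment and ignored).
rc_uses_smtp_auth() {
    sed 's/#.*$//' "$1" | grep -Eq '(^|[[:space:]])esmtp(name|password)([[:space:]]|$)'
}

# check_installed_fetchmail [RCFILE] -> print a verdict for this host.
# Exit status: 0 not affected (absent, fixed, or no ESMTP AUTH), 1 affected,
# 2 version output could not be parsed.
check_installed_fetchmail() {
    rc="${1:-$HOME/.fetchmailrc}"
    if ! command -v fetchmail >/dev/null 2>&1; then
        echo "fetchmail: not installed on this host"
        return 0
    fi
    ver=$(parse_fetchmail_version "$(fetchmail --version 2>/dev/null | head -n 1)")
    if [ -z "$ver" ]; then
        echo "fetchmail: could not parse version output; check manually"
        return 2
    fi
    if ! fetchmail_is_vulnerable "$ver"; then
        echo "fetchmail $ver: fixed release ($FIXED_VERSION or later)"
        return 0
    fi
    if [ -r "$rc" ] && rc_uses_smtp_auth "$rc"; then
        echo "fetchmail $ver: AFFECTED (below $FIXED_VERSION and $rc enables ESMTP AUTH)"
        return 1
    fi
    echo "fetchmail $ver: below $FIXED_VERSION but no ESMTP AUTH in $rc; update anyway"
    return 0
}

# Constructed sample rc file for the self-check below (not a real configuration).
SAMPLE_RC=$(mktemp)
trap 'rm -f "$SAMPLE_RC"' EXIT
cat >"$SAMPLE_RC" <<'EOF'
# constructed ~/.fetchmailrc
poll imap.example.test proto imap user "alice" pass "PLACEHOLDER"
    smtphost localhost
    esmtpname "alice@example.test" esmtppassword "PLACEHOLDER"
EOF

# Self-check on the constructed data, then the check against this host.
if fetchmail_is_vulnerable "$(parse_fetchmail_version 'This is fetchmail release 6.4.37+GSS+SSL+NLS.')" \
   && rc_uses_smtp_auth "$SAMPLE_RC"; then
    echo "self-check: sample release 6.4.37 with ESMTP AUTH is classified as affected"
fi
check_installed_fetchmail
```

The script's exit status is 1 only when the host is in the affected range and its rc file enables ESMTP AUTH, so it can be dropped into a fleet inventory job; pass an alternative rc path as the first argument of check_installed_fetchmail for daemons that run with a non-default configuration file.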

📡 Detection & Monitoring

Log Indicators:

  • fetchmail crash logs
  • segmentation fault messages in system logs
  • unexpected fetchmail process termination

Network Indicators:

  • Failed SMTP authentication attempts followed by connection termination

SIEM Query:

process.name="fetchmail" AND (event.action="crashed" OR log.level="error")
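The log indicators listed above, as an added example that is not from this advisory: POSIX sh functions that count fetchmail crash signatures and systemd restart events in syslog or journal text read from standard input, matching the same conditions the SIEM query expresses. The sample log excerpt is constructed for the self-check; the kernel segfault and systemd message shapes follow the usual format of those components but are not copied from a real host.

```shell
#!/bin/sh
# Added example (not from the advisory). All functions read log text on stdin.

# count_fetchmail_crashes < LOG -> print the number of lines that mention
# fetchmail together with a crash signature: a kernel segfault report, a
# SIGSEGV/status=11 exit, a core dump, or systemd's "Main process exited".
count_fetchmail_crashes() {
    awk '
        { line = tolower($0) }
        line ~ /fetchmail/ && line ~ /segfault|segv|core dumped|main process exited/ { n++ }
        END { print n + 0 }
    '
}

# count_fetchmail_restarts < LOG -> print the number of systemd restart events
# for fetchmail.service; a rising count is the "crashes repeatedly" case above.
count_fetchmail_restarts() {
    awk '
        { line = tolower($0) }
        line ~ /fetchmail\.service/ && line ~ /scheduled restart job/ { n++ }
        END { print n + 0 }
    '
}

# crash_alert THRESHOLD < LOG -> exit 0 when at least THRESHOLD crash lines
# are present, so the check can drive an alert or a watchdog action.
crash_alert() {
    [ "$(count_fetchmail_crashes)" -ge "$1" ]
}

# Constructed sample syslog excerpt (not real logs): two crash lines, one restart.
SAMPLE_LOG=$(cat <<'EOF'
Mar 12 09:14:02 mailhost fetchmail[2231]: starting fetchmail daemon
Mar 12 09:14:03 mailhost fetchmail[2231]: reading message alice@imap.example.test:1 of 3
Mar 12 09:14:04 mailhost kernel: fetchmail[2231]: segfault at 0 ip 0000000000401d2c sp 00007ffd2a3e6f10 error 4 in fetchmail[400000+8b000]
Mar 12 09:14:04 mailhost systemd[1]: fetchmail.service: Main process exited, code=killed, status=11/SEGV
Mar 12 09:14:10 mailhost systemd[1]: fetchmail.service: Scheduled restart job, restart counter is at 1.
Mar 12 09:15:01 mailhost CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
EOF
)

printf 'sample: %s crash lines, %s restart events\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | count_fetchmail_crashes)" \
    "$(printf '%s\n' "$SAMPLE_LOG" | count_fetchmail_restarts)"
```

On a live host, feed the functions real data, for example 'journalctl -b | count_fetchmail_crashes' or 'grep fetchmail /var/log/syslog | crash_alert 3'; the restart counter is worth tracking separately, because an automatic-restart unit hides the crashes from process monitoring while the mail queue still stalls on every restart.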
