Resource exhaustion in Ruby Net-imap
CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.001 (33.6th percentile)
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
Affected products
- Ruby Net-imap — versions 0.3.2 up to (but not including) 0.3.8; 0.4.0 up to (but not including) 0.4.19; 0.5.0 up to (but not including) 0.5.6
Weakness classification (CWE)
- Uncontrolled Resource Consumption
Public proof-of-concept exploits
References
- https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69 (x_refsource_CONFIRM)
- https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35 (x_refsource_MISC)
- https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3 (x_refsource_MISC)
- https://github.com/ruby/net-imap/commit/cb92191b1ddce2d978d01b56a0883b6ecf0b1022 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-25186?
- CVE-2025-25186 is a medium-severity vulnerability in Ruby Net-imap, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2025-02-10.
- How severe is CVE-2025-25186?
- Medium severity. CVSS v3 base score is 6.5 out of 10.
- Is CVE-2025-25186 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.