Resource exhaustion in Ruby Net-imap

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server resp…
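The mechanism behind this class of bug is the IMAP literal: a server announces `{<octets>}\r\n` at the end of a response line and the client then reads exactly that many octets. If the client hands the server-supplied count straight to `IO#read`, the buffer of that size is allocated before a single byte arrives, so a malicious or compromised server (or anyone who can tamper with an unencrypted connection) picks how much memory the client commits. The following is an added example written for this page, not code from net-imap: a minimal literal reader in which `max_response_size: nil` reproduces the trust-the-count behaviour and an integer cap is checked against the running response size before the read. `read_response`, `rejected?`, `ResponseTooLargeError`, `LITERAL_PREFIX` and the two sample responses are all constructed here; the error-class name only mirrors what the fixed releases are understood to raise.

```ruby
require "stringio"

# Raised by the bounded reader when a response would exceed the cap. The name
# mirrors the error net-imap 0.5.7 is understood to introduce (an assumption
# about the upstream API); the class itself belongs to this example.
class ResponseTooLargeError < StandardError; end

# An IMAP literal is announced at the end of a line as "{<octets>}\r\n" and the
# server then sends exactly that many octets. This regexp extracts the count.
LITERAL_PREFIX = /\{(\d+)\}\r\n\z/

# Constructed sample responses (not captured from a real server).
# A well-behaved FETCH carrying an 11-octet literal body.
BENIGN_RESPONSE = "* 1 FETCH (BODY[] {11}\r\nHello world)\r\n"
# A malicious server announces a 4 GiB literal but sends almost nothing.
MALICIOUS_RESPONSE = "* 1 FETCH (BODY[] {4294967296}\r\nnope)\r\n"

# Reads one complete response: a line plus every literal it announces.
#
#   max_response_size: nil reproduces the pre-fix behaviour, trusting whatever
#   octet count the server sends; an Integer caps the total octets one response
#   may occupy (line text plus literal bodies), checked BEFORE any literal is read.
#
# Returns [line_text, literal_bodies, bytes_read].
def read_response(io, max_response_size: nil)
  bytes_read = 0
  text = +""
  literals = []
  loop do
    line =
      if max_response_size
        remaining = max_response_size - bytes_read
        raise ResponseTooLargeError, "no room left for another line" if remaining <= 0
        io.gets("\r\n", remaining)          # bounded line read
      else
        io.gets("\r\n")                     # unbounded, as before the fix
      end
    break if line.nil?
    bytes_read += line.bytesize
    text << line
    if max_response_size && !line.end_with?("\r\n")
      raise ResponseTooLargeError, "line exceeds max_response_size (#{max_response_size})"
    end
    m = LITERAL_PREFIX.match(line) or break  # no literal: response complete
    size = Integer(m[1], 10)
    if max_response_size && bytes_read + size > max_response_size
      raise ResponseTooLargeError,
            "literal of #{size} octets would push the response past #{max_response_size}"
    end
    # The dangerous call: on a real socket IO#read(size) allocates a size-byte
    # buffer before any octet arrives, so an unchecked count is the exhaustion
    # primitive. StringIO stands in for the socket here and merely clamps to the
    # bytes present, which keeps this demo itself safe to run.
    body = io.read(size) || ""
    bytes_read += body.bytesize
    literals << body
  end
  [text, literals, bytes_read]
end

# True if the reader refused the response under the given cap, false if it read it.
def rejected?(raw, max_response_size:)
  read_response(StringIO.new(raw), max_response_size: max_response_size)
  false
rescue ResponseTooLargeError
  true
end

if $PROGRAM_NAME == __FILE__
  cap = 512 * 1024 * 1024
  p read_response(StringIO.new(BENIGN_RESPONSE), max_response_size: cap)
  p rejected?(MALICIOUS_RESPONSE, max_response_size: nil)   # trusted the 4 GiB count
  p rejected?(MALICIOUS_RESPONSE, max_response_size: cap)   # refused before reading
end
```

Two properties matter in the hardened path: the declared count is compared with the cap before the buffer exists, and the bound is cumulative over the whole response rather than per literal, so a server cannot split the attack across many smaller literals. In the fixed releases the equivalent knob is the `max_response_size` config attribute that 0.5.7 introduced (to the best of my knowledge reachable as `Net::IMAP.config.max_response_size` and raising `Net::IMAP::ResponseTooLargeError`; check the release notes for the backported versions before relying on a particular default). Clients that connect to user-supplied hostnames, or that allow unencrypted connections, are the ones for which this is a practical concern.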

Vulnerability class: DoS (Denial of Service)

EPSS: 0.005 (an estimated 0.5% probability of exploitation activity in the next 30 days; 67.5th percentile)

Affected products

  • Ruby Net-imap — versions >= 0.5.0, < 0.5.7
  • Ruby Net-imap — versions >= 0.4.0, < 0.4.20
  • Ruby Net-imap — versions >= 0.3.0, < 0.3.9
  • Ruby Net-imap — versions < 0.2.5 (the 0.2.x branch, which the description above lists as fixed in 0.2.5)

Weakness classification (CWE)

  • CWE-400: Uncontrolled Resource Consumption

Public proof-of-concept exploits

One public proof-of-concept repository is indexed.

References

Frequently asked questions

What is CVE-2025-43857?
CVE-2025-43857 is a denial-of-service vulnerability in Ruby Net-imap, classified under CWE-400 (Uncontrolled Resource Consumption). Published 2025-04-28.
Is CVE-2025-43857 known to be exploited?
One public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.