CVE-2025-35436

CISA Thorium account verification email error handling

Description

CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.

INFO

Published Date :

2025-09-17T16:53:47.289Z

Last Modified :

2025-09-30T16:36:16.594Z

Source :

cisa-cg

AFFECTED PRODUCTS

The following products are affected by CVE-2025-35436 vulnerability.

Vendors	Products
Cisa	Thorium

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-35436.

URL	Resource
https://github.com/mjcarson/thorium/commit/6a65a2711fb2387e8c3eacebc774053741bf5aeb
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json
https://www.cve.org/CVERecord?id=CVE-2025-35436

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact