CVE-2025-15366

Name: Websites susceptible to CVE-2025-15366
Creator: WebTechSurvey

CVE-2025-15366

IMAP command injection in user-controlled commands

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

We have discovered 486 live websites that are affected by CVE-2025-15366.

Run a Free Instant Scan

Affected Software


Product	CPython
Category	Programming Languages
Vulnerable Domains	486 live websites (100% of CPython install base)
Vulnerable Versions	from 0 through 3.15
Vulnerable Versions Count	79 versions ( 100% of all versions)

Common Weakness Enumeration

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Available Reports

Website List

Details

Published - Jan 20, 2026
Updated - Jan 22, 2026

Credits

Omar M. Hasan (reporter)

CVE References

CWE References

cwe.mitre.org

CWE

CWE-77

Website Distribution by Country

Number of websites using CVE-2025-15366

United States	162 websites

Germany	60 websites
Singapore	26 websites
Russia	25 websites
France	19 websites
India	16 websites
GB	13 websites
China	12 websites
Brazil	11 websites
Switzerland	11 websites

Website Distribution by TLD

Number of websites using CVE-2025-15366

.com	168 websites
.org	47 websites
.dk	25 websites
.de	20 websites
.net	17 websites
.ru	12 websites
.nl	9 websites
.edu	9 websites
.fr	8 websites
.ch	7 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-15366

Top websites that are affected by CVE-2025-15366. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
**********.com	United States	,*
*****.*.org	Germany	*,*
*****.org	Germany	*,*
**.*******.*.au	Australia	*,*
********.org	Nepal	*,*
***.***.de	Germany	*,*
**************.com	United States	*,*
******..**.gr	Greece	*,*
*.******.it	Italy	*,*
*************.nl	Netherlands	*,*