- Description: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
- Source: cve@mitre.org
- NVD status: Modified
- Products: exim
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org
- CWE-89
- Hype score: Not currently trending
Exim Server vulnerability CVE-2025-26794: unpatched SQL injection https://t.co/wvSU65Ohk9 The cause of this issue is a design flaw in how the Exim mail server processes data sent to it from outside. Specifically
@iototsecnews
5 Jan 2026
114 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A SQL injection vulnerability with the identifier CVE-2025-26794 has recently been published for the Exim 4.99 mail service; the main cause of the vulnerability is the SQLite database associated with this mail service
@AmirHossein_sec
24 Dec 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A SQL injection vulnerability with the identifier CVE-2025-26794 has recently been published for the Exim mail server. Exim version 4.98 is affected by this vulnerability. Note, however, that the SQLite-related settings in Exim must also be enabled. https://t.co/Poz3aKYxT1 https://t.co/4iNWoW2Eev
@AmirHossein_sec
26 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-26794 Exim Mail Transfer Agent Vulnerable to Remote SQL Injection, PoC Published 🎯1.4m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥PoC: https://t.co/UEbUKfNQ6B 🔗FOFA Link:https://t.co/8AzB7HeW4J FOFA Query:app="Exim-Mail-Server" &&
@fofabot
25 Feb 2025
911 Impressions
5 Retweets
9 Likes
4 Bookmarks
0 Replies
0 Quotes
Critical SQL injection vulnerability (CVE-2025-26794) in Exim mail transfer agent allows attackers to exploit SQLite setups. Immediate patching needed to prevent data breaches. 🚨🛡️ #Exim #SQLInjection #USA link: https://t.co/DnyAsmu2BQ https://t.co/nZbiaNZVFZ
@TweetThreatNews
24 Feb 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-45870, CVE-2024-45871, CVE-2024-45872: Bandiview DoS/Stack BoF https://t.co/nNDNRpgFGQ 2. SSRF on Sliver C2 teamserver https://t.co/KZ7IeUvSiy 3. CVE-2025-26794: SQLite (DBM) injection in Exim 4.98 https://t.co/j8nnsYL22w
@ksg93rd
24 Feb 2025
211 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
An SQLi vulnerability, CVE-2025-26794, has been found in #Exim version 4.98 when ETRN serialization is used. ETRN #',1); ## INSERT SQL HERE ## /* To fix the issue, updating to version 4.98.1 is recommended. Details and an exploit in a container are... https://t.co/D9OZ1fBn8I
@IT_news_for_all
24 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Exim Mail Transfer Vulnerability 📅 Timeline: Disclosure: 2025-02-24, Patch: 2025-02-27 📌 Attribution: N/A 🆔cveId: CVE-2025-26794 📊baseScore: 7.5 (High) 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity:… h
@syedaquib77
24 Feb 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exim Mail Transfer Agent Vulnerable to Remote SQL Injection (CVE-2025-26794), PoC Published https://t.co/QJquAX8Hd8
@Dinosn
24 Feb 2025
2407 Impressions
6 Retweets
19 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-26794 exposes Exim Mail Transfer Agent to remote SQL injection, with a proof-of-concept now available (https://t.co/6Wfpr5wQTF). System administrators should review server security urgently. #cybersecurity
@adriananglin
24 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26794: SQL Injection in Exim 4.98, 7.5 rating❗️ A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/P32BoEqmyZ #cybersecurity #vulnerability_map #exim https://
@Netlas_io
24 Feb 2025
1257 Impressions
6 Retweets
19 Likes
6 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Exim Mail Transfer Agent Vulnerable to Remote SQL Injection 📅 Timeline: Disclosure: 2025-02-23, Patch: 2025-02-23 📌 Attribution: Not specified 🆔 CVE ID: CVE-2025-26794 📊 Base Score: 7.5 📏 CVSS Metrics:… https://t.co/ldk0lmf7vv
@syedaquib77
24 Feb 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨ALERT🚨 CVE-2025-26794 (CVSS: 7.5): Exim Mail Servers are exposed to a nasty remote SQL injection flaw. Hackers could exploit this with tricky ETRN requests, potentially stealing sensitive data or crashing servers.😱 🔥PoC: https://t.co/9DSlzPVMMv ZoomEye Dork👉app="Exim… http
@zoomeye_team
24 Feb 2025
1013 Impressions
8 Retweets
16 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨ALERT🚨 CVE-2025-26794 (CVSS: 7.5): Exim Mail Servers are exposed to a nasty remote SQL injection flaw. Hackers could exploit this with tricky ETRN requests, potentially stealing sensitive data or crashing servers.😱 🔥PoC: https://t.co/9DSlzPVMMv ZoomEye Dork👉app="Exim smtpd"
@zoomeye_team
24 Feb 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨ALERT🚨 CVE-2025-26794 (CVSS: 7.5): Exim Mail Servers are exposed to a nasty remote SQL injection flaw. Hackers could exploit this with tricky ETRN requests, potentially stealing sensitive data or crashing servers.😱 🔥PoC: https://t.co/9DSlzPVMMv ZoomEye Dork👉app="Exim smtpd"
@zoomeye_team
24 Feb 2025
42 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
Exim Mail Transfer Agent Vulnerable to Remote SQL Injection (CVE-2025-26794), PoC Published Learn about CVE-2025-26794, a new vulnerability in #Exim that allows remote SQL injection attacks on specific configurations. https://t.co/raU0v3G8Dn
@the_yellow_fall
23 Feb 2025
81 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-26794 🔴 HIGH (7.5) 🏢 Exim - Exim 🏗️ 4.98 🔗 https://t.co/BrqEhrmbgY 🔗 https://t.co/1BjlyWIZze #CyberCron #VulnAlert https://t.co/sDxGglnCX7
@cybercronai
21 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26794 Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. https://t.co/u7n7Ch8n1Z
@CVEnew
21 Feb 2025
635 Impressions
2 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "47FC87D6-F3A5-4AB4-824D-1AE553B58F46",
            "versionEndExcluding": "4.98.1",
            "versionStartIncluding": "4.98",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]