CVE-2025-67896

Published Dec 14, 2025

Last updated 3 months ago

CVSS high 7.0

Overview

Description
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
Source
cve@mitre.org
NVD status
Analyzed
Products
exim

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-122

Social media

Hype score
Not currently trending

  1. Die Maintainer des Exim Mail Transfer Agents haben die Version 4.99.1 freigegeben. Dringender Handlungsbedarf: Die Version 4.99.1 schließt die Lücke CVE-2025-67896. https://t.co/uTGZ63XFru https://t.co/nhEFsprzKT

    @FORMALITYDE

    18 Dec 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.CVE-2025-30232
  2. Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)CVE-2025-26794
  3. Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.CVE-2024-39929
  4. Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. . Was ZDI-CAN-17643.CVE-2023-42119
  5. Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.CVE-2023-42117

References

Sources include official advisories and independent security research.