A serious security vulnerability has been disclosed in Exim, a popular open-source mail transfer agent (MTA) widely used in Linux distributions.
Tracked as CVE-2025-30232, the flaw is a use-after-free (UAF) bug. Bugs of this class can lead to privilege escalation, posing substantial risk to administrators and users alike.
Timeline of Events
Discovery of and response to this vulnerability were swift and coordinated:
- 2025/03/13: The vulnerability was first reported by Trend Micro, demonstrating their commitment to responsible disclosure.
- 2025/03/18: Acknowledgment of the report was sent to the reporting party.
- 2025/03/19: A CVE ID was assigned, and distribution maintainers were notified via the OpenWall mailing lists and exim-maintainers to ensure prompt action.
- 2025/03/21: A security release was made available exclusively to distribution maintainers so they could update their packages.
- 2025/03/25: Public notification was issued to inform users of the vulnerability.
- 2025/03/26: The security patches were made publicly available in Exim's Git repository.
Vulnerability Details
The vulnerability affects Exim versions 4.96, 4.97, 4.98, and 4.98.1. To be vulnerable, two conditions must both be met:
- Exim version: The system must be running one of the affected versions listed above.
- Command-line access: The attacker must already have command-line access to the server.
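As an added check (not part of the advisory or of Exim's own tooling), the following Python script parses the output of `exim -bV` and compares the upstream version against the affected list above. The `exim -bV` output format, the sample output and the `exim4` binary name are assumptions.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Upstream Exim versions the advisory lists as affected by CVE-2025-30232.
AFFECTED = {(4, 96), (4, 97), (4, 98), (4, 98, 1)}

# Assumption: the first line of `exim -bV` reads
# "Exim version <x.y[.z]> #<build> built <date>" (the sample below is constructed).
_VERSION_RE = re.compile(r"^Exim version (\d+(?:\.\d+)+)", re.MULTILINE)


def parse_exim_version(bv_output: str) -> Optional[Tuple[int, ...]]:
    """Return the upstream version as an int tuple, or None if not found."""
    m = _VERSION_RE.search(bv_output)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def assess(bv_output: str) -> str:
    """Classify `exim -bV` output as 'affected', 'not-listed' or 'unknown'.

    'not-listed' only means the version is absent from the advisory's list.
    A match is not proof of exposure either: distributions often backport
    fixes without changing the upstream version string, so confirm a match
    against the vendor's package changelog before treating it as vulnerable.
    """
    version = parse_exim_version(bv_output)
    if version is None:
        return "unknown"
    return "affected" if version in AFFECTED else "not-listed"


def assess_local_host() -> str:
    """Run the installed exim binary, if any, and assess its version."""
    exe = shutil.which("exim") or shutil.which("exim4")  # exim4: Debian-style name (assumption)
    if exe is None:
        return "unknown"
    result = subprocess.run([exe, "-bV"], capture_output=True, text=True, check=False)
    return assess(result.stdout)


# Constructed sample output, not captured from a real host.
SAMPLE_BV = "Exim version 4.98.1 #2 built 01-Mar-2025 10:00:00\nCopyright (c) University of Cambridge\n"

if __name__ == "__main__":
    print("sample:", assess(SAMPLE_BV))
    print("this host:", assess_local_host())
```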
This UAF vulnerability can potentially allow an attacker to escalate privileges, that is, to gain a higher level of access to or control over the system than originally granted.
Such a scenario is particularly dangerous because it can lead to unauthorized data access, system compromise, or even the deployment of malware.
According to Exim, Trend Micro is credited with discovering and responsibly reporting this issue (Ref: ZDI-CAN-26250). Their diligence helped prevent potential misuse and ensured that patches were developed in a timely manner.
To mitigate this risk, all users of affected Exim versions are advised to update to the latest secure version as soon as possible.
Distribution maintainers have already received security releases, which should be propagated through regular package updates.
CVE-2025-30232 is a serious use-after-free vulnerability in Exim that could be exploited for privilege escalation. Prompt action is essential to protect against this threat.
Users should look for updates in their system's package manager and apply them at the earliest opportunity.