CVE-2025-30232

CVSS 8.1 HIGH · EPSS 0.5% · CWE-416
In short

Exim mail server has a use-after-free memory vulnerability that could let users with command-line access gain higher privileges on the system. This happens when the software tries to use memory that has already been freed, causing unpredictable behavior.

Technical detail

Exim versions 4.96 through 4.98.1 contain a use-after-free (CWE-416): memory is accessed after it has already been freed. The flaw is reachable through local command-line invocation, and a user with command-line access could use it to escalate privileges.

Summary generated and translated by AI from the official description.
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Exim · Exim
