CVE-2025-42599

CVSS 9.8 CRITICAL ● EPSS 3.0% ● KEV ● CWE-121
In short

Active! mail 6 version 6.60.05008561 and earlier has a flaw that allows an attacker to send a specially crafted request that overflows a memory buffer, potentially letting them run malicious code or crash the system without needing a password.

Technical detail

A stack-based buffer overflow (CWE-121) exists in Active! mail 6 affecting versions up to 6.60.05008561. A remote unauthenticated attacker can send a crafted request that overflows stack memory, resulting in arbitrary code execution or denial-of-service. No authentication is required for exploitation.

Summary generated and translated by AI from the official description.
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
