CVE-2025-26794 — SQL Injection in Exim

CWE-89 — SQL Injection10 documents9 sources

Severity

9.8CRITICALNVD

CNA7.5

EPSS

74.7%

top 1.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exim

Timeline

PublishedFeb 21

Latest updateFeb 25

Description

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5exim/exim4.98 — 4.98.1

▶NVDexim/exim4.98 — 4.98.1

Patches

Patch: code.exim.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v8m7-99rg-xp5c: Exim 4↗2025-02-21

▶

OSV

CVE-2025-26794: Exim 4↗2025-02-21

▶

OSV

CVE-2025-26794: Exim 4↗2025-02-21

▶

CVEList

CVE-2025-26794: Exim 4↗2025-02-21

▶

🔍Detection Rules

Suricata

ET EXPLOIT Exim SQLite (DBM) Injection (CVE-2025-26794)↗2025-02-25

▶

📋Vendor Advisories

Red Hat

exim: Exim: remote SQL injection↗2025-02-21

▶

Debian

CVE-2025-26794: exim4 - Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allo...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-67896 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

📐Framework References

CWE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')↗

▶