cbcvebase.
CVE-2025-30232
published 2025-03-28

CVE-2025-30232: A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

Priority: P342, high
CVSS 3.1: 7.8 (AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
EPSS: 0.51% (39.5th percentile)

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
| debian | exim4 | < exim4 4.96-15+deb12u7 (bookworm) | exim4 4.96-15+deb12u7 (bookworm) |
| exim | exim | >= 4.96 < 4.98.2 | 4.98.2 |
| exim | exim | 4.96 – 4.98.1 | |

CVSS provenance

| Source | Version | Score | Severity | Vector |
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 8.1 | HIGH | |