CVE-2025-30232
Published 2025-03-28
CVE-2025-30232: A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
Priority: P342 · high · 7.8 · CVSS 3.1
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.51% (39.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.96-15+deb12u7 (bookworm) | exim4 4.96-15+deb12u7 (bookworm) |
| exim | exim | >= 4.96 < 4.98.2 | 4.98.2 |
| exim | exim | 4.96 – 4.98.1 | — |
CVSS provenance
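| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 8.1 | HIGH | |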
Ubuntu
Exim vulnerability
vendor_ubuntu·2025-03-26
CVE-2025-30232 Exim vulnerability
Title: Exim vulnerability
Summary: Exim could be made to crash or run programs if it received specially
crafted network traffic.
It was discovered that Exim incorrectly handled certain memory operations.
A remote attacker could use this issue to cause Exim to crash, resulting in
a denial of service, or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2025-30232: exim4 - A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-lin...
vendor_debian·2025·CVSS 8.1
CVE-2025-30232 [HIGH] CVE-2025-30232: exim4 - A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-lin...
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
Scope: local
bookworm: resolved (fixed in 4.96-15+deb12u7)
bullseye: resolved
forky: resolved (fixed in 4.98.1-2)
sid: resolved (fixed in 4.98.1-2)
trixie: resolved (fixed in 4.98.1-2)
OSV
CVE-2025-30232: A use-after-free in Exim 4
osv·2025-03-28·CVSS 7.8
CVE-2025-30232 [HIGH] CVE-2025-30232: A use-after-free in Exim 4
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
GHSA
GHSA-qw8f-786p-mp4v: A use-after-free in Exim 4
ghsa_unreviewed·2025-03-28
CVE-2025-30232 [HIGH] CWE-416 GHSA-qw8f-786p-mp4v: A use-after-free in Exim 4
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
No detection rules found.
No public exploits indexed.
Published: 2025-03-28