cbcvebase.
CVE-2025-42599
published 2025-04-18


Priority: P189
CVSS 3.1: 9.8 (critical), AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability, due 2025-05-19
Exploited in the wild
EPSS: 3.02% (85.8th percentile)
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.

Affected

2 ranges
Vendor           Product          Version range      Fixed in
qualitia         active_!_mail    < 6.60.05008562    6.60.05008562
qualitia_co_ltd  active!_mail_6

Detection & IOCs (extracted from sources)

version: Active! Mail 6 BuildInfo: 6.60.05008561
other: multipart/form-data header with oversized body
  • Enable WAF HTTP request body inspection and block multipart/form-data requests exceeding a defined size threshold — this is the vendor/CERT-recommended mitigation to interrupt the exploit delivery mechanism.
  • The vulnerability is triggered by a specially crafted HTTP request sent by a remote unauthenticated attacker; monitor for anomalous unauthenticated POST requests to Active! Mail endpoints, particularly those with large or malformed multipart/form-data bodies.
  • At least 227 internet-exposed Active! Mail servers have been identified as potentially vulnerable; prioritise scanning for internet-facing instances, especially in university and government networks (63 university instances identified).
  • The fixed version is Active! Mail 6 BuildInfo: 6.60.06008562; any deployment still running 6.60.05008561 or earlier on any supported OS is vulnerable.
  • The vulnerability affects all supported OS platforms, not just a specific OS variant — scope detection and patching efforts accordingly.
  • CISA's KEV remediation deadline for CVE-2025-42599 is May 19, 2025; federal and critical infrastructure operators must apply fixes or mitigations by that date or discontinue use.
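
The first two monitoring points above (size-limiting multipart/form-data bodies and watching unauthenticated POST requests) expressed as log triage; this is an added example, not vendor or CERT code. The key=value log format, the auth field, the placeholder paths and the 1,000,000-byte limit are assumptions, since the sources give neither endpoint names nor a threshold.

```python
import shlex

# Assumed threshold: the sources only say "a defined size threshold"; tune per site.
MAX_MULTIPART_BYTES = 1_000_000

# Constructed sample records in a hypothetical key=value proxy log format.
# Paths and addresses are placeholders, not real Active! Mail endpoints.
SAMPLE_LOG = """\
ts=2025-04-20T10:00:01Z src=192.0.2.10 method=GET path=/placeholder/login auth=no ctype="" clen=0
ts=2025-04-20T10:00:05Z src=192.0.2.10 method=POST path=/placeholder/app auth=yes ctype="multipart/form-data; boundary=x1" clen=48211
ts=2025-04-20T10:01:13Z src=198.51.100.7 method=POST path=/placeholder/app auth=no ctype="multipart/form-data; boundary=x2" clen=7340032
ts=2025-04-20T10:01:40Z src=198.51.100.7 method=POST path=/placeholder/app auth=no ctype="multipart/form-data" clen=512
ts=2025-04-20T10:02:02Z src=203.0.113.5 method=POST path=/placeholder/app auth=no ctype="multipart/form-data; boundary=x3" clen=-
"""

def parse(line):
    """Split one key=value record into a dict (shlex handles quoted values)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))

def reasons(rec, limit=MAX_MULTIPART_BYTES):
    """Return why an unauthenticated multipart POST is suspicious, or []."""
    ctype = rec.get("ctype", "").lower()
    if rec.get("method") != "POST" or rec.get("auth") != "no":
        return []
    if not ctype.startswith("multipart/form-data"):
        return []
    found = []
    if "boundary=" not in ctype:
        found.append("malformed: no boundary parameter")
    clen = rec.get("clen", "-")
    if not clen.isdigit():
        found.append("no declared Content-Length")
    elif int(clen) > limit:
        found.append(f"body {clen} bytes exceeds {limit}")
    return found

def triage(log_text, limit=MAX_MULTIPART_BYTES):
    """Return (timestamp, source, reasons) for every flagged record."""
    hits = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse(line)
        why = reasons(rec, limit)
        if why:
            hits.append((rec["ts"], rec["src"], why))
    return hits

if __name__ == "__main__":
    for ts, src, why in triage(SAMPLE_LOG):
        print(ts, src, "; ".join(why))
```

Requests with no declared Content-Length are flagged rather than skipped, because a size rule that only reads that header never sees a chunked body.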

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd        v3.0     9.8    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck           9.8    CRITICAL
cisa                9.8    CRITICAL