CVE-2025-42599
published 2025-04-18
Priority P189 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
CISA Known Exploited Vulnerability · due 2025-05-19
Exploited in the wild
EPSS: 3.02% (85.8th percentile)
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualitia | active_!_mail | < 6.60.05008562 | 6.60.05008562 |
| qualitia_co_ltd | active!_mail_6 | — | — |
Detection & IOCs (extracted from sources)
- Enable WAF HTTP request body inspection and block multipart/form-data requests exceeding a defined size threshold; this is the vendor/CERT-recommended mitigation to interrupt the exploit delivery mechanism.
- The vulnerability is triggered by a specially crafted HTTP request sent by a remote unauthenticated attacker; monitor for anomalous unauthenticated POST requests to Active! Mail endpoints, particularly those with large or malformed multipart/form-data bodies.
- At least 227 internet-exposed Active! Mail servers have been identified as potentially vulnerable; prioritise scanning for internet-facing instances, especially in university and government networks (63 university instances identified).
- The fixed version is Active! Mail 6 BuildInfo: 6.60.06008562; any deployment still running 6.60.05008561 or earlier on any supported OS is vulnerable.
- The vulnerability affects all supported OS platforms, not just a specific OS variant; scope detection and patching efforts accordingly.
- CISA's KEV remediation deadline for CVE-2025-42599 is May 19, 2025; federal and critical infrastructure operators must apply fixes or mitigations by that date or discontinue use.
CVSS provenance
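| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |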
CISA
Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
cisa·2025-04-28·CVSS 9.8
CVE-2025-42599 [CRITICAL] CWE-121 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
Vulnerability: Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
Affected: Qualitia Active! Mail
Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or trigger a denial-of-service via a specially crafted request.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.qualitia.com/jp/news/2025/04/18_1030.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-42599
Remediation Due Date: 2025-05-19
GHSA
GHSA-wvvm-3j2m-8rj3: Active! mail 6 BuildInfo: 6
ghsa_unreviewed·2025-04-18
CVE-2025-42599 [CRITICAL] CWE-121 GHSA-wvvm-3j2m-8rj3: Active! mail 6 BuildInfo: 6
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
VulnCheck
Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
vulncheck·2025·CVSS 9.8
CVE-2025-42599 [CRITICAL] CWE-121 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or trigger a denial-of-service via a specially crafted request.
Affected: Qualitia Active! Mail
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://jvn.jp/en/jp/JVN22348866/index.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cyble.com/resources/research-reports/global-cybersecurity-report/; https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-202
No detection rules found.
No public exploits indexed.
Bleepingcomputer
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
blogs_bleepingcomputer·2025-04-29·CVSS 8.6
[HIGH] CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
## CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
## Bill Toulas
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks.
The flaws were added yesterday to CISA's 'Known Exploited Vulnerabilities' (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited.
Broadcom Brocade Fabric OS is a specialized operating system that runs on the company's Brocade Fibre Channel switches to manage and optimize storage area networks (SAN).
Earlier this month, Broadcom disclosed an arbitrary code execution flaw impacting Fabric OS versions 9.1.0 through 9.1.1d6, tracked und
Bleepingcomputer
Active! Mail RCE flaw exploited in attacks on Japanese orgs
blogs_bleepingcomputer·2025-04-22·CVSS 9.8
[CRITICAL] Active! Mail RCE flaw exploited in attacks on Japanese orgs
## Active! Mail RCE flaw exploited in attacks on Japanese orgs
## Bill Toulas
An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan.
Active! mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies.
While it's not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component in Japanese-language environments of large corporations, universities, government agencies, and banks.
According to the vendor, Active! is used in over 2,250 organizations, boasting over 11,000,000 accounts, making it a significant player in the country's business webmail market.
Late last week, Qualitia released a security bulletin about a stack-b
2025-04-18: Published
2025-04-28: Added to CISA KEV
Exploited in the wild