CVE-2025-67896
Published 2025-12-14
CVE-2025-67896: Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly…
Priority P357 · critical · 9.8 (CVSS 3.1)
EPSS: 0.40% (32.2th percentile)
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | exim4 | < exim4 4.99-7 (forky) | exim4 4.99-7 (forky) |
| exim | exim | < 4.99.1 | 4.99.1 |
| exim | exim | >= 4.99 < 4.99.1 | 4.99.1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 7.0 | LOW | |
| vendor_redhat | | 7.0 | HIGH | |
OSV
CVE-2025-67896: Exim before 4
osv · 2025-12-14 · CVSS 9.8
CVE-2025-67896 [CRITICAL] CVE-2025-67896: Exim before 4
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
OSV
CVE-2025-67896: Exim before 4
osv · 2025-12-14 · CVSS 9.8
CVE-2025-67896 [CRITICAL] CVE-2025-67896: Exim before 4
Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18.
GHSA
GHSA-6qxw-x3vc-phrg: Exim before 4
ghsa_unreviewed · 2025-12-14
CVE-2025-67896 [MEDIUM] CWE-122 GHSA-6qxw-x3vc-phrg: Exim before 4
Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18.
Red Hat
exim: Exim: Remote heap corruption vulnerability
vendor_redhat · 2025-12-14 · CVSS 7.0
CVE-2025-67896 [HIGH] CWE-825 exim: Exim: Remote heap corruption vulnerability
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
A flaw was found in Exim. A remote attacker could exploit a heap corruption vulnerability, which is a type of memory error, to potentially cause the system to crash (Denial of Service) or execute unauthorized code. Further details regarding the exploitation method are expected to be released at a later date.
Statement: This vulnerability is rated Moderate as it allows a remote attacker to exploit a heap corruption flaw. This could lead to a denial of service or arbitrary code execution. This issue impacts Exim in Community Projects, includin
Debian
CVE-2025-67896: exim4 - Exim before 4.99.1, with certain non-default rate-limit configurations, allows a...
vendor_debian · 2025 · CVSS 7.0
CVE-2025-67896 [HIGH] CVE-2025-67896: exim4 - Exim before 4.99.1, with certain non-default rate-limit configurations, allows a...
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 4.99-7)
sid: resolved (fixed in 4.99-7)
trixie: resolved
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-67896 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 5.4
CVE-2025-67896 [MEDIUM] CVE-2025-67896 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67896: Exim vulnerability analysis and mitigation
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
Source: NVD
Score: 9.8
Published: December 14, 2025
Severity: CRITICAL
CNA Score: 7.0
Affected Technologies: Exim, Linux Fedora
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 24.9
Exploitation Probability (EPSS): 0.1
Affected packages and libraries
exim-pgsql-debuginfo
cpe:2.3:a:exim:exim
Sources
Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21 · Severity CRITICAL · No Fix · Added at: Dec 24, 2025
Bugzilla
CVE-2025-67896 exim: Exim: Remote heap corruption vulnerability [fedora-42]
bugzilla · 2026-01-16 · CVSS 9.8
CVE-2025-67896 [CRITICAL] CVE-2025-67896 exim: Exim: Remote heap corruption vulnerability [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version'