
Exim, a widely used message transfer agent (MTA) for Unix systems, has disclosed a security vulnerability. Tracked as CVE-2025-30232, the flaw is a use-after-free bug that can lead to local privilege escalation under specific conditions: the attacker must already have command-line access to the host. Affected releases are Exim 4.96 through 4.98.1.
Exim: A Brief Overview
Exim is a message transfer agent (MTA) originally developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. Exim is similar in style to Smail 3, but its facilities are more general. It offers flexibility in mail routing and extensive facilities for checking incoming mail. Notably, Exim can be installed as a replacement for Sendmail, though their configurations differ significantly.
Vulnerability Details
The Exim project has identified one vulnerability:
- CVE-2025-30232: A use-after-free vulnerability that can be abused for privilege escalation by a user who already has command-line access to the host.
Conditions for Vulnerability
Both of the following conditions must hold for a system to be vulnerable:
- Exim version: one of the affected releases, 4.96, 4.97, 4.98 or 4.98.1 (4.96 through 4.98.1 inclusive).
- Command-line access: the attacker must be able to invoke Exim from a shell on the host. This is a local privilege-escalation issue, not one reachable by a remote sender over SMTP.
Potential Impact
A local user who can trigger the use-after-free may be able to escalate privileges, gaining access to system resources and executing arbitrary commands with elevated privileges. Because the MTA typically runs with high privileges, a successful exploit can compromise the entire server.
Recommendations
Administrators of systems running the affected Exim versions (4.96, 4.97, 4.98 and 4.98.1) are strongly advised to:
- Apply Security Patches: Upgrade to Exim 4.98.2 or later, or apply the backported security patches provided by your Linux distribution, as soon as possible. Verify the installed version with `exim -bV` after patching, since distribution packages may keep the upstream version number and only carry the fix in the package release.
- Stay Informed: Subscribe to the Exim announce mailing list (<exim-announce@lists.exim.org>) and monitor the Exim Git repository for further updates and information.
- Review Security Practices: Limit command-line access to the mail server to the accounts that genuinely need it, since the flaw requires a local shell. Fewer local accounts means fewer users who could reach the vulnerable code path.
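The two conditions above (an affected version plus command-line access) make the first triage question "is this host running 4.96 through 4.98.1?". The following POSIX shell snippet is an added example written for this page, not code from the Exim project or the original article. It parses the version line that `exim -bV` prints and decides whether it falls inside the affected range; the sample `exim -bV` line it runs against is constructed for the demo, and the build date in it is not a real one.

```shell
#!/bin/sh
# Added example (not from the Exim project or the original article): decide
# whether an Exim build is inside the CVE-2025-30232 affected range,
# 4.96 through 4.98.1, from the version line that `exim -bV` prints.

# Print the "X.Y[.Z]" version found on the first "Exim version ..." line of
# `exim -bV` output read from stdin; print nothing if no such line exists.
exim_version_from_bv() {
    sed -n 's/^Exim version \([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Return 0 (true) when the version given as $1 lies in 4.96 .. 4.98.1,
# 1 (false) for anything else, including strings that are not versions.
exim_affected() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*) ;;                  # must look like a dotted version
        *) return 1 ;;
    esac
    major=${ver%%.*}                       # "4"  from "4.98.1"
    rest=${ver#*.}                         # "98.1"
    minor=${rest%%.*}                      # "98"
    patch=${rest#*.}                       # "1"
    if [ "$patch" = "$rest" ]; then        # no third component, e.g. "4.97"
        patch=0
    fi
    minor=${minor%%[!0-9]*}                # drop suffixes such as "-RC1"
    patch=${patch%%[!0-9]*}
    if [ -z "$patch" ]; then patch=0; fi
    if ! [ "$major" -eq 4 ] 2>/dev/null; then
        return 1                           # only the 4.x line is affected
    fi
    case $minor in
        96|97) return 0 ;;                 # every 4.96.x and 4.97.x release
        98) if [ "$patch" -le 1 ]; then return 0; fi ;;   # 4.98 and 4.98.1
    esac
    return 1                               # 4.98.2+ (fixed), 4.95 and older, 4.99+
}

# Demo on a constructed `exim -bV` line (not captured from a real host).
SAMPLE_BV='Exim version 4.98.1 #2 built 26-Mar-2025 12:00:00'

main() {
    ver=$(printf '%s\n' "$SAMPLE_BV" | exim_version_from_bv)
    if exim_affected "$ver"; then
        echo "Exim $ver: AFFECTED by CVE-2025-30232, upgrade to 4.98.2 or later"
    else
        echo "Exim $ver: not in the affected range"
    fi
}
main
```

On a real host replace the constructed sample with `exim -bV | exim_version_from_bv`. Note the caveat from the recommendations: a distribution package that backports the fix may still report 4.98.1 (or 4.96 on long-term-support releases), so a version match is a reason to check the package changelog, not proof that the host is exploitable.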