CVE-2025-26794
Published: 21 February 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-26794 is a remote SQL injection vulnerability (CWE-89) in Exim 4.98 before 4.98.1. The issue arises when SQLite hints and ETRN serialization features are enabled, allowing injection into SQLite databases used by Exim, a popular mail transfer agent (MTA).
Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity (CVSS v3.1 score of 7.5: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Exploitation results in high-impact denial of service, potentially disrupting mail delivery without compromising confidentiality or integrity.
Exim security advisories recommend updating to version 4.98.1 to address the vulnerability. However, in certain non-default rate-limit configurations, resolving the SQL injection fully requires an update to 4.99.1. Additional details are available in the Exim security report at https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt, the patch commit at https://code.exim.org/exim/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305, and related resources on https://exim.org and https://github.com/Exim/exim/wiki/EximSecurity.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote SQL injection in public-facing Exim MTA directly enables exploitation of the application to cause denial of service (high availability impact, no C/I), mapping to application/system exploitation for endpoint DoS.