Summary: A critical SQL injection vulnerability (CVE-2025-26794) in the Exim mail transfer agent has been disclosed, impacting email system security by allowing attackers to manipulate databases. This vulnerability specifically affects Exim Version 4.98 setups using SQLite, posing severe risks including data exfiltration and complete system takeover. The Exim development team has released patches and emphasized the need for organizations to implement immediate mitigations to secure their systems.
Affected: Exim mail transfer agent (Version 4.98 with SQLite integration)
Key points:
- Vulnerability allows SQL injection through crafted email transactions, potentially leading to unauthorized database access.
- Three conditions must be met for exploitation: a vulnerable Exim build, ETRN enabled, and a serialization bypass.
- Organizations should verify their Exim versions, disable unnecessary SQLite integration, and apply the official patch immediately.
- The Exim maintainers recommend upgrading to version 4.98.1 for enhanced security measures against similar vulnerabilities.
- This incident highlights ongoing security challenges in open-source email systems and the importance of regular software updates.
Source: https://gbhackers.com/exim-mail-transfer-vulnerability/
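The verification step above (check the build, check whether SQLite is compiled in, check whether ETRN is reachable) can be scripted from two commands Exim itself provides: `exim -bV` prints the version and the `Lookups (built-in):` list, and `exim -bP <option>` prints the effective value of a main configuration option. The script below is an added example written for this summary, not code from the article or the Exim project. It assumes the banner layout shown in the constructed sample input, and it assumes that the page's "ETRN enabled" and "serialization" conditions map to Exim's `acl_smtp_etrn` and `smtp_etrn_serialize` options (both real Exim options; the mapping to this CVE is an assumption, so the script only reports their state rather than declaring a host exploitable).

```shell
#!/bin/sh
# Added example (not from the article or Exim): triage helpers for the
# CVE-2025-26794 mitigation checklist. Each function reads command output on
# stdin so it can be fed either from a live host or from a saved banner.
#
# Live usage:
#   exim -bV | exim_build_exposed
#   exim -bP acl_smtp_etrn smtp_etrn_serialize | exim_etrn_enabled

# Returns 0 when the banner shows Exim 4.98 with the sqlite lookup compiled
# in (the combination the article names as affected), 1 otherwise.
exim_build_exposed() {
  banner=$(cat)
  # First line looks like: "Exim version 4.98 #2 built 03-Jan-2025 ..."
  version=$(printf '%s\n' "$banner" \
    | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
  # Assumes all built-in lookup types are listed on this single line.
  lookups=$(printf '%s\n' "$banner" | sed -n 's/^Lookups (built-in): *//p')
  case " $lookups " in
    *" sqlite "*) has_sqlite=1 ;;
    *)            has_sqlite=0 ;;
  esac
  if [ "$version" = "4.98" ] && [ "$has_sqlite" = 1 ]; then
    echo "exposed: Exim $version with sqlite lookup built in; upgrade to 4.98.1"
    return 0
  fi
  echo "not the affected build (version=${version:-unknown}, sqlite=$has_sqlite)"
  return 1
}

# Returns 0 when an ETRN ACL is configured (Exim rejects ETRN outright when
# acl_smtp_etrn is unset), 1 otherwise. Also reports whether ETRN runs are
# serialised, since the article lists a serialization bypass as a condition.
exim_etrn_enabled() {
  conf=$(cat)
  # "exim -bP acl_smtp_etrn" prints "acl_smtp_etrn = <acl name>" (empty if unset)
  acl=$(printf '%s\n' "$conf" | sed -n 's/^acl_smtp_etrn *= *//p' | head -n 1)
  # Boolean options print as "smtp_etrn_serialize" or "no_smtp_etrn_serialize"
  if printf '%s\n' "$conf" | grep -q '^no_smtp_etrn_serialize$'; then
    serialize=off
  else
    serialize=on
  fi
  if [ -z "$acl" ]; then
    echo "ETRN not accepted (acl_smtp_etrn unset)"
    return 1
  fi
  echo "ETRN accepted via ACL '$acl'; smtp_etrn_serialize is $serialize"
  return 0
}

# Constructed sample banner, standing in for `exim -bV` on an affected host.
SAMPLE_BANNER='Exim version 4.98 #2 built 03-Jan-2025 10:00:00
Copyright (c) University of Cambridge, 1995 - 2018
Lookups (built-in): lsearch wildlsearch dbm dnsdb sqlite'

# Constructed sample option dump, standing in for `exim -bP ...`.
SAMPLE_CONF='acl_smtp_etrn = acl_check_etrn
smtp_etrn_serialize'

# Demonstration run when executed directly.
if [ "${0##*/}" != "sh" ] && [ -z "${EXIM_CHECK_NO_DEMO:-}" ]; then
  printf '%s\n' "$SAMPLE_BANNER" | exim_build_exposed
  printf '%s\n' "$SAMPLE_CONF"   | exim_etrn_enabled
fi
```

Both functions only read build and configuration state; a host that matches both checks should be patched to 4.98.1 (or have SQLite lookups removed from the build) and, in the meantime, have ETRN restricted in `acl_smtp_etrn` to the hosts that genuinely need it.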