CVE-2025-26794

Published Feb 21, 2025

Last updated a month ago

CVSS high 7.5

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-26794 is a remote SQL injection vulnerability affecting Exim mail transfer agent version 4.98. This vulnerability arises when Exim is configured to use SQLite hints and ETRN serialization. Exploitation is possible when an attacker sends specially crafted ETRN requests to a susceptible Exim server. Specifically, the server must be running Exim version 4.98, compiled with the USE_SQLITE option enabled. Additionally, the runtime configuration must have ETRN enabled (acl_smtp_etrn returns 'accept') and smtp_etrn_serialize set to 'true' (the default setting). This combination of factors allows attackers to inject malicious SQL commands, potentially granting unauthorized access to sensitive data or disrupting server operations.

Description
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-89

Social media

Hype score
Not currently trending

  1. به تازگی برای میل سرور exim آسیب پذیری با کد شناسایی CVE-2025-26794 و از نوع Sqlinjection منتشر شده است. نسخه 4.98 مربوط به exim دارای این آسیب پذیری می باشد . البته باید تنظیمات مربوط به Sqlite در Exim نیز فعال باشد. https://t.co/Poz3aKYxT1 https://t.co/4iNWoW2Eev

    @AmirHossein_sec

    26 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️⚠️ CVE-2025-26794 Exim Mail Transfer Agent Vulnerable to Remote SQL Injection, PoC Published 🎯1.4m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥PoC: https://t.co/UEbUKfNQ6B 🔗FOFA Link:https://t.co/8AzB7HeW4J FOFA Query:app="Exim-Mail-Server" &&

    @fofabot

    25 Feb 2025

    911 Impressions

    5 Retweets

    9 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  3. Critical SQL injection vulnerability (CVE-2025-26794) in Exim mail transfer agent allows attackers to exploit SQLite setups. Immediate patching needed to prevent data breaches. 🚨🛡️ #Exim #SQLInjection #USA link: https://t.co/DnyAsmu2BQ https://t.co/nZbiaNZVFZ

    @TweetThreatNews

    24 Feb 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #exploit 1. CVE-2024-45870, CVE-2024-45871, CVE-2024-45872: Bandiview DoS/Stack BoF https://t.co/nNDNRpgFGQ 2. SSRF on Sliver C2 teamserver https://t.co/KZ7IeUvSiy 3. CVE-2025-26794: SQLite (DBM) injection in Exim 4.98 https://t.co/j8nnsYL22w

    @ksg93rd

    24 Feb 2025

    211 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Обнаружена SQLi уязвимость CVE-2025-26794 в #Exim версии 4.98 при использовании сериализации ETRN. ETRN #',1); ## INSERT SQL HERE ## /* Для устранения проблемы рекомендуется обновиться до версии 4.98.1. Подробности и эксплойт в контейнере дос... https://t.co/D9OZ1fBn8I

    @IT_news_for_all

    24 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️ Vulnerability Alert: Exim Mail Transfer Vulnerability 📅 Timeline: Disclosure: 2025-02-24, Patch: 2025-02-27 📌 Attribution: N/A 🆔cveId: CVE-2025-26794 📊baseScore: 7.5 (High) 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity:… h

    @syedaquib77

    24 Feb 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Exim Mail Transfer Agent Vulnerable to Remote SQL Injection (CVE-2025-26794), PoC Published https://t.co/QJquAX8Hd8

    @Dinosn

    24 Feb 2025

    2407 Impressions

    6 Retweets

    19 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-26794 exposes Exim Mail Transfer Agent to remote SQL injection, with a proof-of-concept now available (https://t.co/6Wfpr5wQTF). System administrators should review server security urgently. #cybersecurity

    @adriananglin

    24 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-26794: SQL Injection in Exim 4.98, 7.5 rating❗️ A vulnerability in the Exim mail transfer agent could allow a remote attacker to perform SQL injection. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/P32BoEqmyZ #cybersecurity #vulnerability_map #exim https://

    @Netlas_io

    24 Feb 2025

    1257 Impressions

    6 Retweets

    19 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️ Vulnerability Alert: Exim Mail Transfer Agent Vulnerable to Remote SQL Injection 📅 Timeline: Disclosure: 2025-02-23, Patch: 2025-02-23 📌 Attribution: Not specified 🆔 CVE ID: CVE-2025-26794 📊 Base Score: 7.5 📏 CVSS Metrics:… https://t.co/ldk0lmf7vv

    @syedaquib77

    24 Feb 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨ALERT🚨 CVE-2025-26794 (CVSS: 7.5): Exim Mail Servers are exposed to a nasty remote SQL injection flaw. Hackers could exploit this with tricky ETRN requests, potentially stealing sensitive data or crashing servers.😱 🔥PoC: https://t.co/9DSlzPVMMv ZoomEye Dork👉app="Exim… http

    @zoomeye_team

    24 Feb 2025

    1013 Impressions

    8 Retweets

    16 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨ALER🚨 CVE-2025-26794 (CVSS: 7.5): Exim Mail Servers are exposed to a nasty remote SQL injection flaw. Hackers could exploit this with tricky ETRN requests, potentially stealing sensitive data or crashing servers.😱 🔥PoC: https://t.co/9DSlzPVMMv ZoomEye Dork👉app="Exim smtpd"

    @zoomeye_team

    24 Feb 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨ALER🚨 CVE-2025-26794 (CVSS: 7.5): Exim Mail Servers are exposed to a nasty remote SQL injection flaw. Hackers could exploit this with tricky ETRN requests, potentially stealing sensitive data or crashing servers.😱 🔥PoC: https://t.co/9DSlzPVMMv ZoomEye Dork👉app="Exim smtpd"

    @zoomeye_team

    24 Feb 2025

    42 Impressions

    0 Retweets

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  14. Exim Mail Transfer Agent Vulnerable to Remote SQL Injection (CVE-2025-26794), PoC Published Learn about CVE-2025-26794, a new vulnerability in #Exim that allows remote SQL injection attacks on specific configurations. https://t.co/raU0v3G8Dn

    @the_yellow_fall

    23 Feb 2025

    81 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 CVE-2025-26794 🔴 HIGH (7.5) 🏢 Exim - Exim 🏗️ 4.98 🔗 https://t.co/BrqEhrmbgY 🔗 https://t.co/1BjlyWIZze #CyberCron #VulnAlert https://t.co/sDxGglnCX7

    @cybercronai

    21 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-26794 Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. https://t.co/u7n7Ch8n1Z

    @CVEnew

    21 Feb 2025

    635 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References