CVE-2025-26794

7.5 HIGH

Published: February 21, 2025 Modified: December 18, 2025

Description

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1237424

Source: cve@mitre.org

Issue Tracking Third Party Advisory

https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305

Source: cve@mitre.org

Patch

https://exim.org

Source: cve@mitre.org

Product

https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt

Source: cve@mitre.org

https://github.com/Exim/exim/wiki/EximSecurity

Source: cve@mitre.org

Vendor Advisory

https://github.com/NixOS/nixpkgs/pull/383926

Source: cve@mitre.org

Release Notes

https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d

Source: cve@mitre.org

Patch

https://www.exim.org/static/doc/security/CVE-2025-26794.txt

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2025/02/19/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2025/02/21/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2025/02/21/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

11 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

72.1%

99th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-89

Affected Vendors

exim

Related CVEs