CVE-2025-30232 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
mitre	CNA	8.1 HIGH				CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Debian Releases

Debian Product

Codename

exim4

bullseye	4.94.2-7+deb11u3 not-affected
bullseye (security)	4.94.2-7+deb11u4 fixed
bookworm	vulnerable
bookworm (security)	4.96-15+deb12u7 fixed
trixie	4.98.1-2 fixed
sid	4.98.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

exim4

oracular	Fixed 4.98-1ubuntu2.1 released
noble	Fixed 4.97-4ubuntu4.3 released
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Exim: Schwachstelle ermöglicht Privilegieneskalation
Ein lokaler Angreifer kann eine Schwachstelle in Exim ausnutzen, um seine Privilegien zu erhöhen.
Published: 2025-03-26T23:00:00+00:00
[ENGLISH] ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected
Published: 2025-03-31T16:55:00+05:30

References

https://www.exim.org/static/doc/security/CVE-2025-30232.txt

http://www.openwall.com/lists/oss-security/2025/03/26/1