Heap Corruption Vulnerability in Exim Mail Transfer Agent
CVE-2025-67896

6.4MEDIUM

Key Information:

Vendor: Exim
Status: Exim
Vendor: CVE Published:; 14 December 2025

What is CVE-2025-67896?

A vulnerability in Exim Mail Transfer Agent allows for remote heap corruption, potentially enabling an attacker to exploit this flaw for unauthorized access or denial of service. The issue affects versions prior to 4.99.1, emphasizing the need for users to update to the latest version. Detailed technical insights will be provided in a forthcoming security announcement on December 18, 2025.

Affected Version(s)

Exim 4.99 < 4.99.1

References

https://www.openwall.com/lists/oss-security/2025/12/11/2

https://exim.org/static/doc/security/

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2025
Vulnerability Reserved
Dec 14, 2025

JSON