A critical security vulnerability has been identified in the widely used Exim mail transfer agent (MTA), potentially allowing attackers with command-line access to escalate privileges on affected systems.
The vulnerability, tracked as CVE-2025-30232, affects Exim versions 4.96 through 4.98.1 and has been patched in the recently released version 4.98.2.
Exim Use-After-Free Vulnerability
The use-after-free (UAF) vulnerability could allow attackers to gain elevated privileges on vulnerable systems.
Use-after-free vulnerabilities occur when a program continues to use a pointer after the memory it references has been freed, creating a security gap that attackers can exploit to manipulate program behavior.
“A use-after-free is possible, with potential for privilege escalation,” states the official security bulletin released by the Exim project.
The vulnerability specifically requires command-line access to exploit, which somewhat limits the attack vector but remains a serious concern for system administrators managing Exim mail servers.
The vulnerability was responsibly disclosed by security researchers at Trend Micro through their Zero Day Initiative.
Exim is one of the most popular mail transfer agents globally, powering approximately 49.60% of mail servers according to some surveys.
As the default MTA on Debian-based Linux systems, including Ubuntu, the potential impact of this vulnerability is significant.
Security researchers warn that UAF vulnerabilities are particularly dangerous because they can be exploited to execute malicious code, potentially leading to severe consequences such as data breaches or system compromise.
In the case of mail servers, compromised systems could lead to email interception, data theft, or be used as a platform for further attacks.
The summary of the vulnerability is given below:

| Risk Factors | Details |
| --- | --- |
| Affected Products | Exim MTA versions 4.96, 4.97, 4.98, 4.98.1; Ubuntu 24.04 LTS (Noble) and 24.10 (Oracular); Debian Bookworm (12.x) |
| Impact | Privilege escalation |
| Exploit Prerequisites | Local command-line access to vulnerable system |
| CVSS 3.1 Score | 9.8 (Critical) |
Mitigation and Patching
System administrators are strongly advised to update to Exim version 4.98.2, which contains the fix for this vulnerability.
Ubuntu has already released security updates for affected versions in their distributions, with fixes available for Ubuntu 24.04 LTS (Noble) and 24.10 (Oracular).
For Debian-based systems, administrators can update using:
Organizations unable to immediately patch vulnerable systems should consider temporary mitigation strategies, including:
- Restricting command-line access to the server
- Temporarily stopping the Exim service using service exim stop if email services can be interrupted
- Implementing additional access controls to limit potential attack vectors
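As an added example (not from the Exim bulletin or the Exim project), the POSIX sh check below parses `exim -bV` output and classifies the reported version against the affected range named above (4.96 through 4.98.1, fixed in 4.98.2); the sample `exim -bV` output is constructed, and `vercmp`, `exim_status` and `version_from_bV` are names chosen here.

```shell
#!/bin/sh
# Added example: classify an installed Exim version against the range the
# bulletin lists as affected. Not part of the original article.

# Numeric compare of dotted versions: prints -1, 0 or 1 for a <, =, > b,
# so that 4.98 < 4.98.1 < 4.98.2 (plain string comparison gets this wrong).
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah=${a%%.*}; bh=${b%%.*}
    [ "$ah" = "$a" ] && a="" || a=${a#*.}
    [ "$bh" = "$b" ] && b="" || b=${b#*.}
    ah=${ah:-0}; bh=${bh:-0}          # missing component counts as 0
    if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
    if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
  done
  echo 0
}

# Keep only the leading digits-and-dots part ("4.98.1-RC2" -> "4.98.1");
# prints nothing if the token does not start with a digit.
normalize() { printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9.]*\).*/\1/p'; }

# Prints vulnerable (4.96..4.98.1), fixed (4.98.2 or later), not-listed
# (older than 4.96, which the bulletin does not mention) or unknown.
exim_status() {
  v=$(normalize "$1")
  [ -n "$v" ] || { echo unknown; return; }
  if [ "$(vercmp "$v" 4.96)" -lt 0 ]; then echo not-listed; return; fi
  if [ "$(vercmp "$v" 4.98.1)" -le 0 ]; then echo vulnerable; return; fi
  echo fixed
}

# Extract the version from `exim -bV` output ("Exim version 4.98.1 #2 built ...").
version_from_bV() {
  printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Constructed sample standing in for a real `exim -bV` run on a host without Exim.
SAMPLE_BV="Exim version 4.98.1 #2 built 01-Feb-2025 12:00:00
Copyright (c) University of Cambridge, 1995 - 2024"

if command -v exim >/dev/null 2>&1; then out=$(exim -bV 2>/dev/null); else out="$SAMPLE_BV"; fi
ver=$(version_from_bV "$out")
echo "Exim ${ver:-?}: $(exim_status "$ver")"
```

Distribution packages (Ubuntu, Debian) frequently ship the fix as a backport under the original upstream version number, so on those systems the package changelog, not the upstream version string, is the authority on whether the patch is present.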
This isn’t the first serious vulnerability discovered in Exim.
In 2019, a critical vulnerability (CVE-2019-10149) allowed remote code execution with root privileges, and in 2021, security researchers identified multiple critical vulnerabilities including a use-after-free flaw in tls-openssl.c that could be exploited for remote code execution.
The discovery of CVE-2025-30232 highlights the ongoing importance of prompt security updates for critical infrastructure software like mail servers, which remain high-value targets for attackers seeking to compromise networks or gain unauthorized access to sensitive communications.
The post Exim Use-After-Free Vulnerability Allows Privilege Escalation appeared first on Cyber Security News.