CVE-2025-26794
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
72.1%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Technical Details
- Published
- 2/21/2025
Frequently Asked Questions
What is CVE-2025-26794?
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
Is CVE-2025-26794 actively exploited?
Active exploitation of CVE-2025-26794 has not been confirmed. The EPSS score is 72.1%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-26794?
CVE-2025-26794 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2025-26794 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.