| Reporter | Title | Published | Views | Family All 48 |
|---|---|---|---|---|
| exim -- SQL injection | 21 Feb 202500:00 | โ | freebsd | |
| Exim 4.98 SQL Injection Vulnerability | 24 Feb 202500:00 | โ | zdt | |
| CVE-2025-26794 | 21 Feb 202513:15 | โ | alpinelinux | |
| Astra Linux - уязвимость в exim4 | 20 May 202605:53 | โ | astralinux | |
| April Linux Patch Wednesday | 30 Apr 202523:34 | โ | avleonov | |
| CVE-2025-26794 | 19 Feb 202522:30 | โ | circl | |
| Exim 安全漏洞 | 21 Feb 202500:00 | โ | cnnvd | |
| CVE-2025-26794 | 21 Feb 202500:00 | โ | cve | |
| CVE-2025-26794 | 21 Feb 202500:00 | โ | cvelist | |
| CVE-2025-26794 | 21 Feb 202500:00 | โ | debiancve |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Plugin metadata. This branch runs only when 'description' is set: it registers
# the plugin's attributes and then exits, so nothing below it in the file runs
# on that pass.
if (description)
{
script_id(216608);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");
# Advisory identifiers this check maps to.
script_cve_id("CVE-2025-26794");
script_xref(name:"IAVA", value:"2025-A-0206-S");
script_name(english:"Exim < 4.98.1 SQL injection");
script_set_attribute(attribute:"synopsis", value:
"The remote mail server is potentially affected by a SQL injection vulnerabilities.");
# The description text carries the two caveats a reader needs when triaging a
# hit: the flaw applies only when SQLite hints and ETRN serialization are in
# use, and the check relies solely on the self-reported version number.
script_set_attribute(attribute:"description", value:
"Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.exim.org/static/doc/security/CVE-2025-26794.txt");
script_set_attribute(attribute:"solution", value:
"Upgrade to Exim 4.98.1 or later.");
# Severity vectors: CVSS v2 and v3.0, base and temporal. The score source is
# recorded as the CVE entry itself.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-26794");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2025/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/02/21");
# Marks the finding as potential rather than confirmed, consistent with the
# version-only detection stated in the description text.
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:exim:exim");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SMTP problems");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Declares the SMTP service detection script as a dependency.
script_dependencies("smtpserver_detect.nasl");
# NOTE(review): presumably this key restricts scheduling to paranoid scans,
# matching the report_paranoia guard in the check body - confirm.
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/smtp", 25);
exit(0);
}
include('compat_shared.inc');
include('smtp_func.inc');
# Paranoid-only check. The flaw needs a non-default configuration (per the
# plugin description: SQLite hints plus ETRN serialization) that an SMTP banner
# does not reveal, so the result is reported only at report_paranoia >= 2.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

var fix_ver = '4.98.1';
var smtp_port = get_service(svc:'smtp', default:25, exit_on_fail:TRUE);

# All evidence comes from the SMTP greeting, i.e. a self-reported version.
# NOTE(review): a banner check cannot see vendor-backported fixes or an edited
# greeting, so treat a hit as a lead to verify on the host, not as proof.
var greeting = get_smtp_banner(port:smtp_port);
if (!greeting) audit(AUDIT_NO_BANNER, smtp_port);
if ('Exim' >!< greeting) audit(AUDIT_NOT_LISTEN, 'Exim', smtp_port);

var m = pregmatch(pattern:"220.*Exim ([0-9\._]+)", string:greeting);
if (isnull(m)) audit(AUDIT_SERVICE_VER_FAIL, 'Exim', smtp_port);

# The version in the banner may use an underscore as a separator; normalise it
# to a dot before comparing.
var exim_ver = ereg_replace(string:m[1], pattern:'_', replace:'.');

# Not in the affected range (4.98 up to, but excluding, the fixed release):
# audit out. The guards above already rely on audit() ending the script.
if (!(ver_compare(ver:exim_ver, minver:'4.98', fix:fix_ver, strict:FALSE) < 0))
  audit(AUDIT_LISTEN_NOT_VULN, 'Exim', smtp_port, exim_ver);

# Affected version: report the banner together with installed and fixed versions.
var fields = {
  'Banner': greeting,
  'Installed version': exim_ver,
  'Fixed version': fix_ver
};
var field_order = ['Banner', 'Installed version', 'Fixed version'];
var report_text = report_items_str(report_items:fields, ordered_fields:field_order);
security_report_v4(port:smtp_port, severity:SECURITY_HOLE, extra:report_text);