
CVE-2025-30232

Severity: High
Published: 28 March 2025
Modified: 30 September 2025
KEV Added: not listed
Patch: available (see the Exim security advisory linked below)
CVSS v3.1 base score: 8.1 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0008 (percentile 24.3)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-30232 is a high-severity use-after-free (CWE-416) in the Exim mail transfer agent, with a CVSS v3.1 base score of 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0008 places it at roughly the 24th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-30232 is a use-after-free vulnerability (CWE-416) in the Exim mail transfer agent, affecting versions 4.96 through 4.98.1. Published on 2025-03-28, it carries a CVSS v3.1 base score of 8.1 (AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H): a high-severity issue that can give a user with command-line access elevated privileges.

The attack vector is local (AV:L): the attacker needs an account that can run commands on the host, but no elevated privileges beyond that (PR:N) and no interaction from another user (UI:N). Attack complexity is high (AC:H), reflecting the conditions a use-after-free exploit must arrange to work reliably. Success is scored with a changed scope (S:C) and high confidentiality, integrity and availability impact (C:H/I:H/A:H), because the attacker ends up with control outside the authority of the account that triggered the bug, i.e. privilege escalation.

Mitigation guidance is detailed in the Exim security advisory at https://www.exim.org/static/doc/security/CVE-2025-30232.txt and the OSS-Security mailing list post at http://www.openwall.com/lists/oss-security/2025/03/26/1.


Vulnerability details

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

CWE(s)

CWE-416 Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free in Exim directly enables privilege escalation for command-line users via software exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-45185 (same product: Exim)
CVE-2026-40685 (same product: Exim)
CVE-2025-67896 (same product: Exim)
CVE-2025-26794 (same product: Exim)
CVE-2026-40684 (same product: Exim)
CVE-2026-40687 (same product: Exim)
CVE-2026-47331 (shared CWE-416)
CVE-2026-23111 (shared CWE-416)
CVE-2026-9970 (shared CWE-416)
CVE-2026-27909 (shared CWE-416)

Affected Assets

Vendor: exim
Product: exim
Versions: 4.96 through 4.98.1 (inclusive)
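An added example, not part of the Exim project or of the advisory: a POSIX shell check that parses the first line of `exim -bV` and reports whether the installed version falls inside the affected range 4.96 through 4.98.1. The embedded `exim -bV` output is constructed for the stand-alone run, not captured from a real host, and the `exim4` binary name is assumed for Debian-derived systems.

```shell
#!/bin/sh
# Added example, not part of Exim or the advisory: is the installed Exim
# inside the CVE-2025-30232 affected range (4.96 through 4.98.1)?

AFFECTED_MIN="4.96"    # first affected release, per the advisory
AFFECTED_MAX="4.98.1"  # last affected release, per the advisory

# version_key VERSION -> integer that orders dotted versions numerically,
# e.g. 4.98.1 -> 4098001. Missing components count as 0 (4.96 == 4.96.0).
# Everything from the first character that is neither digit nor dot onward
# (a "-RC1" suffix, a distro "-1ubuntu1" revision) is ignored.
version_key() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    major=${v%%.*};    rest=${v#"$major"};    rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# exim_affected VERSION -> success (0) when AFFECTED_MIN <= VERSION <= AFFECTED_MAX.
exim_affected() {
    k=$(version_key "$1")
    [ "$k" -ge "$(version_key "$AFFECTED_MIN")" ] &&
    [ "$k" -le "$(version_key "$AFFECTED_MAX")" ]
}

# exim_version_from_bv "<exim -bV output>" -> bare version string, or nothing
# if the output does not start with "Exim version 4.98.1 #2 built ...".
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# check_installed -> finds an exim binary (assumed name exim4 on Debian
# derivatives), runs `-bV`, prints a verdict.
# Exit 0: affected, 1: not affected, 2: no binary or unparsable version.
check_installed() {
    for bin in exim exim4; do
        command -v "$bin" >/dev/null 2>&1 && break
        bin=""
    done
    [ -n "$bin" ] || { echo "no exim/exim4 binary in PATH"; return 2; }
    ver=$(exim_version_from_bv "$("$bin" -bV 2>/dev/null)")
    [ -n "$ver" ] || { echo "$bin -bV: could not parse a version"; return 2; }
    if exim_affected "$ver"; then
        echo "$bin $ver: in the CVE-2025-30232 range $AFFECTED_MIN-$AFFECTED_MAX; upgrade past $AFFECTED_MAX or confirm a distro backport"
        return 0
    fi
    echo "$bin $ver: outside the affected range"
    return 1
}

# Constructed sample output (not captured from a real host) so the script
# demonstrates the parse even where no Exim is installed.
SAMPLE_BV='Exim version 4.98.1 #2 built 27-Mar-2025 10:00:00
Copyright (c) University of Cambridge, 1995 - 2018'

sample_ver=$(exim_version_from_bv "$SAMPLE_BV")
if exim_affected "$sample_ver"; then
    echo "sample $sample_ver: affected"
else
    echo "sample $sample_ver: not affected"
fi
check_installed || true
```

The version-string check is a triage heuristic, not proof of exposure or safety: Debian, Ubuntu and RHEL-family packages routinely backport security fixes without changing the upstream version reported by `exim -bV`, so a host showing 4.98.1 may already be patched. Confirm against the distribution's advisory or the package changelog before closing or escalating the finding.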

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly remediates the use-after-free by identifying hosts running Exim 4.96 through 4.98.1 and testing and deploying a fixed release to them. Distribution packages may carry the fix as a backport without changing the upstream version string, so confirm against the distribution's advisory rather than the reported version alone.

SI-16 Memory Protection (prevent)

Memory-protection features such as ASLR and DEP/NX, with Exim built as a position-independent executable so that ASLR covers the binary itself, raise the cost of turning a use-after-free into reliable code execution. They are a hardening layer, not a fix: a local attacker has unlimited attempts, and a use-after-free can also yield the information leak needed to defeat randomisation.

AC-6 Least Privilege (prevent)

Enforces least privilege on Exim processes and user accounts, limiting what a local user who triggers the bug can reach. Restricting who may log in to mail hosts, and who may invoke the exim binary at all, shrinks the population of accounts to which the local attack vector (AV:L) applies.

References

Exim security advisory: https://www.exim.org/static/doc/security/CVE-2025-30232.txt
oss-security mailing list post: http://www.openwall.com/lists/oss-security/2025/03/26/1