Late last week, Qualitia released a security bulletin about a stack-based buffer overflow vulnerability tracked under CVE-2025-42599 (CVSS v3 score: 9.8, "critical") impacting all versions of Active! up to and including 'BuildInfo: 6.60.05008561' on all supported OS platforms. Although Qualitia mentions investigating whether the flaw has been exploited, Japan's CERT has confirmed its active exploitation status, urging all users to update to Active! Mail 6 BuildInfo: 6.60.06008562 as soon as possible.

Japan's CERT has proposed specific mitigation steps for those unable to apply the security update immediately, including configuring the Web Application Firewall (WAF) to enable HTTP request body inspection and block multipart/form-data headers if their size exceeds a certain threshold.

An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. Japanese web hosting and IT services (SMB) provider Kagoya Japan reported several external attacks over the weekend, prompting it to temporarily suspend the service.

"If a maliciously crafted request is sent by a remote third party, there is a possibility of arbitrary code execution or a denial-of-service (DoS) condition being triggered," reads the bulletin.

Macnica security researcher Yutaka Sejiyama told BleepingComputer that at least 227 internet-exposed Active! servers are potentially exposed to these attacks, with 63 of them used in universities.

Active! Mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies. While it's not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component in Japanese-language environments of large corporations, universities, government agencies, and banks. According to the vendor, Active! is used in over 2,250 organizations, boasting over 11,000,000 accounts, making it a significant player in the country's business webmail market.

"We suspect that this issue is related to a vulnerability disclosed by QUALITIA (the developer)," reads the bulletin Kagoya published earlier.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
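The WAF mitigation proposed by Japan's CERT above (inspect request bodies and block oversized multipart/form-data headers), shown as an added example that does not come from the article, Qualitia or Japan's CERT. The 1024-byte limit, the function name and the reading of "headers" as each part's header block are assumptions; the sample requests are constructed.

```python
import re

MAX_PART_HEADER_BYTES = 1024  # assumed limit; the article gives no number


def inspect_request(content_type, body, limit=MAX_PART_HEADER_BYTES):
    """Return (allow, reason) for one request, as a body-inspection rule would."""
    if not content_type.lower().startswith("multipart/form-data"):
        return True, "not multipart/form-data"
    m = re.search(r'boundary="?([^";]+)', content_type, re.IGNORECASE)
    if not m:
        return False, "multipart/form-data without a boundary"
    delimiter = b"--" + m.group(1).encode("latin-1")
    # Element 0 is the preamble before the first delimiter; skip it.
    for number, segment in enumerate(body.split(delimiter)[1:], start=1):
        if segment.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        end = segment.find(b"\r\n\r\n")
        if end == -1:
            # Header block never terminates: fail closed rather than guess.
            return False, f"part {number}: unterminated headers"
        header_bytes = len(segment[:end].strip(b"\r\n"))
        if header_bytes > limit:
            return False, f"part {number}: {header_bytes} header bytes > {limit}"
    return True, "ok"


# Constructed sample requests (not captured traffic).
CT = "multipart/form-data; boundary=XyZ"
NORMAL = (b"--XyZ\r\n"
          b'Content-Disposition: form-data; name="subject"\r\n\r\n'
          b"hello\r\n--XyZ--\r\n")
OVERSIZED = (b"--XyZ\r\n"
             b'Content-Disposition: form-data; name="subject"\r\n'
             b"X-Constructed-Padding: " + b"A" * 4096 + b"\r\n\r\n"
             b"hello\r\n--XyZ--\r\n")

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, inspect_request(CT, sample))
```

A production WAF should enforce the same limit while streaming the body, so that an oversized header block is rejected before it is fully buffered.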
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 22 Apr 2025 21:10:10 +0000