Exim Use-After-Free Vulnerability Allows Privilege Escalation

CVE-2025-30232 is a use-after-free bug in the Exim mail transfer agent that can be exploited for privilege escalation. Exploitation requires command-line access on the affected host, which somewhat limits the attack vector, but the flaw remains a serious concern for administrators: the exim binary is normally installed setuid root, so a local user who can turn the bug into a memory-corruption primitive is attacking a root-privileged process. The Exim project's advisory lists Exim 4.96 through 4.98.1 as affected, with the fix shipped in 4.98.2; `exim -bV` prints the installed version, and on relays and shared hosts where untrusted users hold shell accounts the update should be treated as urgent.

Use-after-free vulnerabilities occur when a program continues to use a pointer after the memory it references has been freed. Because allocators hand freed memory back to later allocations, the stale pointer can end up aliasing data the attacker controls, which lets them manipulate program state or control flow.

The discovery highlights the ongoing importance of prompt security updates for critical infrastructure software like mail servers, which remain high-value targets for attackers seeking to compromise networks or gain access to sensitive communications. Exim has a history of such issues: in 2019, CVE-2019-10149 allowed remote code execution with root privileges, and in 2021 security researchers identified multiple critical vulnerabilities, including a use-after-free flaw in tls-openssl.c that could be exploited for remote code execution.

Ubuntu has already released security updates for affected versions, with fixes available for Ubuntu 24.04 LTS (Noble) and 24.10 (Oracular).

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
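The aliasing step in the use-after-free description above, shown as an added example that is not code from the original article or from Exim. It uses a tiny deterministic slab allocator with a LIFO free list, so the freed chunk is guaranteed to be reused by the very next allocation (glibc's tcache and jemalloc behave the same way for same-sized requests, just without the guarantee). The `struct delivery` record, the `DELIVER_PRIVILEGED` flag and the `ATTACKER_OPTION` bytes are hypothetical and constructed for the demonstration; they do not correspond to Exim's data structures or to the CVE-2025-30232 bug itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy slab allocator (hypothetical, for the demonstration only): fixed-size
 * chunks and a LIFO free list, so the most recently freed chunk is returned
 * by the very next allocation. glibc's tcache and jemalloc behave the same
 * way for same-sized requests, which is why a stale pointer so often ends up
 * aliasing fresh, attacker-influenced data. */
#define CHUNK_SIZE 64
#define NCHUNKS 8

static unsigned char arena[NCHUNKS][CHUNK_SIZE];
static int free_stack[NCHUNKS];
static int free_top;

static void slab_reset(void)
{
    memset(arena, 0, sizeof arena);
    free_top = 0;
    for (int i = NCHUNKS - 1; i >= 0; i--)
        free_stack[free_top++] = i;      /* chunk 0 is handed out first */
}

static void *slab_alloc(void)
{
    return free_top > 0 ? arena[free_stack[--free_top]] : NULL;
}

static void slab_free(void *p)
{
    int idx = (int)(((unsigned char *)p - &arena[0][0]) / CHUNK_SIZE);
    free_stack[free_top++] = idx;        /* LIFO: reused on the next alloc */
}

/* Hypothetical per-message delivery state; not Exim's real structures. */
#define DELIVER_PRIVILEGED 0x01u
struct delivery {
    uint8_t flags;                       /* DELIVER_PRIVILEGED => run as root */
    char    sender[CHUNK_SIZE - 1];
};

/* Constructed attacker input: an option string that the program copies
 * verbatim into a fresh chunk. Its first byte lands where `flags` lived. */
static const unsigned char ATTACKER_OPTION[] = { 0x01, 'b', 'o', 'b', 0 };

/* Returns true when the freed chunk is handed straight back, the property
 * the attack below relies on. */
bool slab_reuses_freed_chunk(void)
{
    slab_reset();
    void *a = slab_alloc();
    slab_free(a);
    return slab_alloc() == a;
}

/* Vulnerable: the record is released on an error path, but the stale
 * pointer is consulted afterwards. By then the chunk holds the attacker's
 * bytes, so the privileged flag reads as set. */
bool vulnerable_run(const unsigned char *opt, size_t opt_len)
{
    slab_reset();
    struct delivery *d = slab_alloc();
    d->flags = 0;
    strcpy(d->sender, "alice@example.invalid");

    slab_free(d);                        /* "error path": record released ... */

    unsigned char *copy = slab_alloc();  /* ... and its chunk reused at once */
    memcpy(copy, opt, opt_len);

    return (d->flags & DELIVER_PRIVILEGED) != 0;   /* use after free */
}

/* Fixed: the record stays alive until its last use, and the pointer is
 * cleared when it is finally released, so a later stray use is a NULL
 * dereference (a crash) rather than silent corruption. */
bool fixed_run(const unsigned char *opt, size_t opt_len)
{
    slab_reset();
    struct delivery *d = slab_alloc();
    d->flags = 0;
    strcpy(d->sender, "alice@example.invalid");

    unsigned char *copy = slab_alloc();  /* separate chunk: d is still live */
    memcpy(copy, opt, opt_len);

    bool privileged = (d->flags & DELIVER_PRIVILEGED) != 0;

    slab_free(d);
    d = NULL;                            /* nothing can read the stale chunk */
    slab_free(copy);
    return privileged;
}

int main(void)
{
    printf("freed chunk reused immediately: %s\n",
           slab_reuses_freed_chunk() ? "yes" : "no");
    printf("vulnerable path grants privilege: %s\n",
           vulnerable_run(ATTACKER_OPTION, sizeof ATTACKER_OPTION) ? "yes" : "no");
    printf("fixed path grants privilege:      %s\n",
           fixed_run(ATTACKER_OPTION, sizeof ATTACKER_OPTION) ? "yes" : "no");
    return 0;
}
```

The fix is the lifetime discipline, not the NULL assignment: the record is freed only after its last read, and the pointer is cleared so any later use fails loudly. With a real heap instead of the static arena, building the vulnerable path with `-fsanitize=address` reports the read in `vulnerable_run` as a heap-use-after-free, which is the cheapest way to find this class of bug in C before an attacker does.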

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Mar 2025 07:40:19 +0000


Cyber News related to Exim Use-After-Free Vulnerability Allows Privilege Escalation

What Is a Privilege Escalation Attack? Types & Prevention - Privilege escalation is a method that threat actors use to increase their access to systems and data that they aren't authorized to see. This guide to privilege escalation attacks covers the two main types, the avenues attackers use, and detection ...
1 year ago Esecurityplanet.com LAPSUS$ Turla Whitefly
CVE-2022-48869 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
Chrome 120 Patches 10 Vulnerabilities - Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities. Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to ...
1 year ago Securityweek.com CVE-2023-6508 CVE-2023-6509 CVE-2023-6345
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Exim Mail Transfer Vulnerability Let Attackers Inject Malicious SQL Queries - All organizations using Exim for mail routing ...
1 month ago Cybersecuritynews.com
Bitwarden Free vs. Premium: Which Plan Is Best For You? - Bitwarden Free provides a secure vault for credentials, credit cards, identification documents and text files. The Bitwarden Premium plan costs $10 per year and offers additional capabilities such as encrypted file attachment sharing, advanced vault ...
1 year ago Techrepublic.com
Google Chrome Use After Free Flaw Let Attacker Hijack Browser - The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users. The Extended Stable channel has been updated to ...
1 year ago Gbhackers.com
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
1 year ago Securityweek.com CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin - On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. The next day on February 26th, ...
11 months ago Wordfence.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
5 months ago Aws.amazon.com
Atlas VPN Free vs. Premium: Which Plan Is Best For You? - When VPN providers offer free versions, you may be inclined to stick with that version. Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. In comparison, Atlas VPN Premium ...
1 year ago Techrepublic.com
CVE-2024-49884 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: ...
5 months ago Tenable.com
5 Free Online Brand Protection Software Tools: Pros and Cons - Free or open-source software does exist that can help organizations look for and investigate deceptive websites spoofing their brand. On the other hand, few free tools exist that allow one to take action against online brand impersonation attacks. To ...
1 year ago Securityboulevard.com
CVE-2024-56631 - In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in ...
3 months ago Tenable.com
CVE-2024-36899 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
CVE-2024-46687 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2024-53171 - In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. A further deletion ...
3 months ago Tenable.com
CVE-2024-26805 - In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]: netlink_to_full_skb() creates a new `skb` and puts the ...
11 months ago Tenable.com
Unveiling Free VPN Risks: Protecting Online Privacy and Security - If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network. Virtual Private Networks are specifically crafted to accomplish this task. A quality VPN channels your web ...
1 year ago Cysecurity.news Slug
CVE-2022-3910 - Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called ...
1 year ago
CVE-2020-28011 - Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. ...
3 years ago
CVE-2021-46929 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2024-26616 - In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - ...
1 year ago Tenable.com
