CVE-2025-26794 — AI Deep Analysis Summary

🚨 **What is this vulnerability?** * **Essence:** A critical **SQL Injection (SQLi)** flaw in Exim MTA. * **Trigger:** Occurs when using **SQLite** as the DBM backend + **ETRN** command. * **Consequences:** Remote …

🛡️ **Root Cause? (CWE/Flaw)** * **CWE ID:** **CWE-89** (Improper Neutralization of Special Elements used in an SQL Command). * **The Flaw:** Parameters passed to SQLite are **not properly sanitized** before executio…

🏢 **Who is affected? (Versions/Components)** * **Vendor:** **Exim** (Open-source Mail Transfer Agent). * **Affected Versions:** **Exim 4.98.1 and earlier**.…

💣 **What can hackers do? (Privileges/Data)** * **Remote Access:** No authentication required (PR:N).…

🚧 **Is exploitation threshold high? (Auth/Config)** * **Attack Vector:** **Network (AV:N)**. Remote exploitation is possible. 📡 * **Complexity:** **Low (AC:L)**. Easy to exploit. 📉 * **Auth:** **None (PR:N)**.…

💻 **Is there a public Exp? (PoC/Wild Exploitation)** * **Yes!** Multiple PoCs are available.…

🔍 **How to self-check? (Features/Scanning)** * **Check Version:** Run `exim -bV`. If version < **4.98.2**, you are vulnerable. 📝 * **Check Config:** Look for `dbdriver = sqlite` in your Exim configuration.…

✅ **Is it fixed officially? (Patch/Mitigation)** * **Yes.** The vulnerability was published on **2025-02-21**. 📅 * **Fix:** Upgrade to **Exim 4.98.2** or later.…

🛑 **What if no patch? (Workaround)** * **Disable SQLite:** Switch your DBM driver to **MySQL**, **PostgreSQL**, or **gdbm**.…

🔥 **Is it urgent? (Priority Suggestion)** * **Priority:** **CRITICAL / HIGH**. 🚨 * **Reason:** * Remote exploitation without auth. 🌐 * Low complexity. 📉 * Public exploits exist.…