CVE-2025-26794

Critical

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires…

mitre·CWE-89·Published 2025-02-21

CVSS

9.8

EPSS

0.76

KEV

Exploits

cve.orgen

209 chars

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

NVDen

209 chars

NVDes

138 chars

Exim 4.98 anterior a la versíon 4.98.1 permite una inyección SQL remota cuando se usan serialización de ETRN con la tabla hints en SQLite.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H