CVE-2025-30232 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	A use-after-free has been discovered in exim that can lead to potential privilege escalation due to the lack of nulling out the debug_pretrigger_buf pointer before freeing the buffer by the storage management.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2859	exim	4.98.1-1	4.98.2-1	High	Fixed

References
https://exim.org/static/doc/security/CVE-2025-30232.txt https://lists.exim.org/lurker/message/20250326.140105.6b97555b.en.html https://code.exim.org/exim/exim/commit/be040d7df68a8cbb244aaabc37832984dafcbf55

References

https://exim.org/static/doc/security/CVE-2025-30232.txt
https://lists.exim.org/lurker/message/20250326.140105.6b97555b.en.html
https://code.exim.org/exim/exim/commit/be040d7df68a8cbb244aaabc37832984dafcbf55

Notes
Introduced after: https://code.exim.org/exim/exim/commit/19fdbfb4a2b6ca4a6a96ef52be848f0a23e2414f (exim-4.96-RC0)