Unrated severityOSV Advisory· Published Dec 14, 2025· Updated Dec 18, 2025

CVE-2025-67896

Description

Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.

Affected products

Exim/EximOSV
Range: DEVEL_PDKIM_START, exim-4.90devstart, exim-4.92, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

exim.org/static/doc/security/mitre
exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txtmitre
www.openwall.com/lists/oss-security/2025/12/11/2mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000