# CVE 2025-30232

## Timeline

- 2025/03/13 Report received
- 2025/03/18 ACK sent to reporter
- 2025/03/19 CVE assigned
- 2025/03/19 Distros heads-up mail, to <distros@vs.openwall.org> and <exim-maintainers@lists.exim.org>
- 2025/03/21 14:00 UTC Security Release available for (only) Distros
- 2025/03/25 14:00 UTC Public heads-up notification, to <exim-announce@lists.exim.org>
- 2025/03/26 14:00 UTC Published the changes on https://code.exim.org/exim/exim.git


## Details

A use-after-free is possible, with potential for privilege escalation.

The following conditions have to be met for being vulnerable:

- Exim Version
     - 4.96
     - 4.97
     - 4.98
     - 4.98.1
 - Command-line access

## Acknowledgements

Thanks to Trend Micro for reporting this issue in a responsible manner.
- Ref: ZDI-CAN-26250
- Email: <zdi-disclosures@trendmicro.com>