Upstream information

CVE-2025-67896 at MITRE

Description

Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail CNA (MITRE)
Base Score 6.4
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Impact Low
Integrity Impact High
Availability Impact Low
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1254999 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Sun Dec 14 06:02:21 2025
CVE page last modified: Mon Dec 15 19:31:17 2025