Critical Exim Flaws Allow Attackers to Crash Mail Servers With Crafted DNS Responses

The flaws, which reside in Exim's DNS response handling, can be triggered without authentication and require no user interaction.

CSBadmin

Vulnerabilities and Attack Vector

Researchers have uncovered multiple security flaws in the Exim mail transfer agent that can be triggered by feeding the server malicious DNS data. The vulnerabilities reside in how Exim processes DNS resolver responses during email delivery. An attacker who controls a DNS server or can perform a man-in-the-middle attack can send specially crafted replies that exploit these weaknesses.

The most severe issue allows an unauthenticated remote attacker to cause a denial of service by crashing the Exim process. In some configurations, the crash can lead to a complete service outage until the MTA is manually restarted. The flaws affect multiple versions of Exim, and system administrators are urged to patch immediately.

Impact and Mitigation

Exim is one of the most widely used mail transfer agents on the internet, powering email servers for countless organizations. The vulnerabilities, tracked at cve.org as CVE-2025-26794 and CVE-2025-26795, pose a significant risk to email reliability. Exploitation could disrupt business communications or serve as a precursor to more complex attacks.

Security researchers recommend upgrading to the latest version of Exim as soon as possible. Until a patch can be applied, administrators should consider restricting DNS resolver access and monitoring for unusual DNS lookup patterns. No evidence of active exploitation has been reported, but the ease of attack makes remediation urgent.

Source: Cyber Security News
