Exim has released a crucial security update, version 4.99.1, to address a critical vulnerability identified as CVE-2025-67896, which affects Exim versions starting from 4.99. This vulnerability may also pose risks to older, unsupported versions of Exim. While the exact severity on outdated systems remains unclear, users are advised to stay informed about potential implications. For those using an up-to-date system like Exim 4.99 or newer, installing version 4.99.1 will remediate the issue.
The vulnerability specifically impacts systems utilizing SQLite for certain database lookups and hintdb operations within Exim. Users who employ older lookup methods should assess their systems to determine if they are affected.
To access the updated software, users have multiple options. They can download a tarball from the Exim FTP server or access the latest code directly from the repository. For those who utilize Git for version control, the latest release is tagged as exim-4.99.1 in the repository.
In light of this release, it is essential for Exim users to stay informed about security updates and to consider upgrading to the latest version to mitigate potential vulnerabilities. Regularly reviewing release notes and security advisories can help maintain the integrity and security of email systems relying on Exim. Additionally, organizations should evaluate their current configurations and practices to ensure they are not inadvertently exposing themselves to security risks associated with outdated software
The vulnerability specifically impacts systems utilizing SQLite for certain database lookups and hintdb operations within Exim. Users who employ older lookup methods should assess their systems to determine if they are affected.
To access the updated software, users have multiple options. They can download a tarball from the Exim FTP server or access the latest code directly from the repository. For those who utilize Git for version control, the latest release is tagged as exim-4.99.1 in the repository.
In light of this release, it is essential for Exim users to stay informed about security updates and to consider upgrading to the latest version to mitigate potential vulnerabilities. Regularly reviewing release notes and security advisories can help maintain the integrity and security of email systems relying on Exim. Additionally, organizations should evaluate their current configurations and practices to ensure they are not inadvertently exposing themselves to security risks associated with outdated software
Exim 4.99.1 released
A new security release, Exim 4.99.1, has been made available to address a critical vulnerability identified as CVE-2025-67896. This vulnerability affects Exim versions starting at 4.99 and may also impact older versions that are no longer maintained. The good news is that installing version 4.99.1 on up-to-date systems like Exim 4.99 or newer will fix the issue. Users can obtain the updated software through various means, including a tarball from the FTP server or by accessing the code repository directly.
