ET EXPLOIT Exim SQLite (DBM) Injection (CVE-2025-26794)

SID: 2060363Rev: 169 views
Sourceet/open
CreatedFebruary 25, 2025
UpdatedFebruary 25, 2025
Classificationattempted-user
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET EXPLOIT Exim SQLite (DBM) Injection (CVE-2025-26794)"; flow:established,to_server; content:"ETRN|20 23|"; startswith; pcre:"/^[^0a]*?[\x27\x22\x3b\x2d\x5c\x2a\x2f]/R"; reference:url,github.com/OscarBataille/CVE-2025-26794; reference:cve,2025-26794; classtype:attempted-user; sid:2060363; rev:1; metadata:affected_product Exim, attack_target Server, created_at 2025_02_25, cve CVE_2025_26794, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_02_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlgithub.com/OscarBataille/CVE-2025-26794
cve2025-26794

Metadata

affected productExim
attack targetServer
created at2025_02_25
deploymentInternal
confidenceHigh
signature severityMajor
tagExploit
updated at2025_02_25
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!