Situation
A vulnerability, CVE-2025-30232, was discovered in Exim when it is running in debug mode.
Impact
This vulnerability relies upon Exim running in debug mode along with pretriggers being enabled. This is not how Exim is run under cPanel by default, so it is very unlikely for anyone to be affected. Still, we have updated our exim package to include the fix as well.
Call to Action
Do not use debug mode with pretriggers (the -dp flag, or pretrigger= debug options) when running Exim publicly. By default, cPanel does not run Exim in this configuration. To check whether you are running a patched version of Exim, run the following command to confirm the current version of Exim on the server:
rpm -q cpanel-exim
For cPanel versions 118+ the following is the updated version:
cpanel-exim-4.98.1-2.cp118~el9.x86_64
For cPanel version 110:
cpanel-exim-4.98.1-2.cp108~el7
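The version check above in scripted form, together with a scan of running Exim command lines for the two debug strings this advisory names. This is an added example, not cPanel's own tooling: the function names are hypothetical, it assumes any build at or above 4.98.1-2 carries the fix, and it matches `-dp` and `pretrigger=` as literal strings.

```sh
#!/bin/sh
# Added example, not cPanel's own tooling. Thresholds come from the advisory.
FIXED_VER=4.98.1   # version in the advisory's package names
FIXED_REL=2        # leading number of their release field

# ver_ge A B: succeeds when dotted-numeric version A >= B.
ver_ge() (
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
)

# pkg_is_patched LINE: LINE is the output of `rpm -q cpanel-exim`.
# Returns 0 = at or above the fixed build, 1 = older, 2 = not parseable.
pkg_is_patched() (
    vr=$(printf '%s\n' "$1" |
        sed -n 's/^cpanel-exim-\([0-9][0-9.]*\)-\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$vr" ] || return 2
    ver=${vr% *}; rel=${vr#* }
    if [ "$ver" = "$FIXED_VER" ]; then [ "$rel" -ge "$FIXED_REL" ]
    else ver_ge "$ver" "$FIXED_VER"; fi
)

# uses_pretrigger CMDLINE: literal match on the two strings the advisory names.
uses_pretrigger() (
    set -f   # no globbing while splitting the command line into tokens
    for tok in $1; do
        case $tok in -dp*|*pretrigger=*) return 0 ;; esac
    done
    return 1
)

# audit_host: run both checks on the local machine (needs rpm and ps).
audit_host() {
    nvr=$(rpm -q cpanel-exim 2>&1)
    if pkg_is_patched "$nvr"; then echo "patched: $nvr"
    else echo "not confirmed patched: $nvr"; fi
    ps -eo args= | grep -E '(^|/)exim( |$)' | while IFS= read -r line; do
        if uses_pretrigger "$line"; then echo "debug pretrigger: $line"; fi
    done
    return 0
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on the server itself; without that argument it only defines the functions.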