Exim 4.98.2 Update Fixes Mail Server Vulnerability

A corrective release of the Exim mail server, version 4.98.2, has been published. It closes a vulnerability (CVE-2025-30232) that could allow privilege escalation. Whether the flaw can be exploited remotely is not stated.

The bug has been present since the release of Exim 4.96. Major distributions shipping affected builds include Debian 12, Ubuntu 24.04/24.10, openSUSE 15.6, Arch Linux, Fedora, and FreeBSD. RHEL and its derivatives are not affected, since Exim is not part of their core package repositories (no update for the Exim package has been published in EPEL so far).

The vulnerability is a use-after-free (a memory-release error) in the debug pretrigger handling code: the debug_pretrigger_buf output buffer is freed without NULL being assigned to the indicator used to check the presence
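The defect class described above, as an added illustration that is not Exim's code: a global debug buffer whose pointer doubles as the "buffer is present" flag. The names `pretrig_buf`, `pretrig_write`, `pretrig_discard_vulnerable` and `pretrig_discard_fixed` are hypothetical and only model the pattern. The vulnerable discard frees the buffer but leaves the pointer dangling, so a later write passes the presence check and lands in freed memory; the fixed discard clears the pointer, so the same write is rejected.

```c
/* Added example modelling a free-without-NULL presence-flag bug. Hypothetical
   names; this is not code from Exim. Build with -fsanitize=address to see the
   heap-use-after-free report from the vulnerable path in main(). */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pointer itself is the presence indicator: non-NULL means "buffer exists". */
static char *pretrig_buf = NULL;
static size_t pretrig_size = 0;
static size_t pretrig_used = 0;

/* Allocate the buffer. Any existing buffer is released cleanly first. */
bool pretrig_setup(size_t size)
{
    if (pretrig_buf) { free(pretrig_buf); pretrig_buf = NULL; }
    if (size < 2) return false;
    pretrig_buf = malloc(size);
    if (!pretrig_buf) return false;
    pretrig_buf[0] = '\0';
    pretrig_size = size;
    pretrig_used = 0;
    return true;
}

/* Append a line. The only guard is the presence check on the pointer.
   Returns the number of bytes stored (0 when there is no buffer). */
size_t pretrig_write(const char *s)
{
    if (!pretrig_buf) return 0;              /* presence check */
    size_t n = strlen(s);
    if (pretrig_used + n >= pretrig_size)    /* truncate to fit, keep NUL */
        n = pretrig_size - pretrig_used - 1;
    memcpy(pretrig_buf + pretrig_used, s, n);
    pretrig_used += n;
    pretrig_buf[pretrig_used] = '\0';
    return n;
}

/* VULNERABLE: frees the buffer but leaves the pointer set, so the presence
   check in pretrig_write() still passes and the next write hits freed memory. */
void pretrig_discard_vulnerable(void)
{
    if (pretrig_buf) free(pretrig_buf);
    pretrig_used = 0;
}

/* FIXED: clear the indicator together with the free, so later writes are refused. */
void pretrig_discard_fixed(void)
{
    if (pretrig_buf) { free(pretrig_buf); pretrig_buf = NULL; }
    pretrig_size = pretrig_used = 0;
}

bool pretrig_is_present(void)
{
    return pretrig_buf != NULL;
}

int main(void)
{
    /* Fixed path: discard, then a write is rejected because the flag is cleared. */
    pretrig_setup(64);
    pretrig_write("debug line 1\n");
    pretrig_discard_fixed();
    printf("fixed: present=%d stored=%zu\n",
           pretrig_is_present(), pretrig_write("after discard\n"));   /* 0, 0 */

    /* Vulnerable path: the dangling pointer passes the check and the write
       goes into freed memory (ASan reports heap-use-after-free here). */
    pretrig_setup(64);
    pretrig_discard_vulnerable();
    printf("vulnerable: present=%d\n", pretrig_is_present());          /* 1 */
    pretrig_write("after discard\n");                                  /* UAF */
    return 0;
}
```

The one-line fix is the `pretrig_buf = NULL` in `pretrig_discard_fixed`; whenever a pointer is also the liveness flag, the free and the reset of the flag must happen together.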
