CVE-2025-42599 PUBLISHED

Assigner: jpcert
Reserved: 16.04.2025 Published: 18.04.2025 Updated: 18.04.2025

Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.

Metrics

CVSS 3.0

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.0

Product Status

Vendor	QUALITIA CO., LTD.
Product	Active! mail 6
Versions	Version BuildInfo: 6.60.05008561 and earlier is affected

References

https://www.qualitia.com/jp/news/2025/04/18_1030.html
https://jvn.jp/en/jp/JVN22348866/

CVE-2025-42599 PUBLISHED

Metrics

Product Status

References

Problem Types