CVE-2025-42599

9.8 CRITICAL CISA KEV

📋 TL;DR

CVE-2025-42599 is a critical stack-based buffer overflow vulnerability in Active! mail 6 that allows remote unauthenticated attackers to execute arbitrary code or cause denial-of-service by sending specially crafted requests. This affects all systems running Active! mail 6 version 6.60.05008561 and earlier. The vulnerability is particularly dangerous because it requires no authentication and has a CVSS score of 9.8.

💻 Affected Systems

Products:
  • Active! mail 6
Versions: Version 6.60.05008561 and earlier
Operating Systems: Windows (presumed based on product documentation)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration. The vulnerability exists in the mail server component that handles incoming requests.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Denial-of-service causing mail service disruption, potentially followed by remote code execution for further system exploitation.

🟢 If Mitigated: Service disruption with limited lateral movement if proper network segmentation and least privilege controls are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication, making internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to attacks from compromised internal systems or malicious insiders.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CISA has added this to their Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The buffer overflow nature suggests relatively straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.60.05008562 or later

Vendor Advisory: https://www.qualitia.com/jp/news/2025/04/18_1030.html

Restart Required: Yes

Instructions:

1. Download the latest version from the vendor website.
2. Back up the current configuration and data.
3. Stop the Active! mail service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to the Active! mail server to trusted sources only.

Firewall Rules (Windows)

Block external access to Active! mail ports using firewall rules:

netsh advfirewall firewall add rule name="Block ActiveMail" dir=in action=block protocol=TCP localport=25,110,143,587,993,995

As written, this rule blocks every inbound connection to those ports, trusted clients included, so it takes the mail service offline until the patch is applied. If some address ranges must keep access, scope the rule with the remoteip= parameter rather than blocking all sources.

🧯 If You Can't Patch

  • Isolate the Active! mail server in a dedicated network segment with strict firewall rules
  • Implement application-level firewall or WAF with buffer overflow protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Active! mail version in the application interface or installation directory. Versions 6.60.05008561 and earlier are vulnerable.

Check Version:

Check the application interface or examine the installation directory for version information files.

Verify Fix Applied:

Verify the version is 6.60.05008562 or later and test mail functionality remains operational.
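The version check above is easy to get wrong if version strings are compared as text (a lexical comparison puts "6.9" after "6.60", and leading zeros such as "05008561" distort the order further). The following is an added example, not code from the advisory or from the vendor: it compares each dotted component as an integer against the boundaries the advisory gives (last vulnerable build 6.60.05008561, first fixed build 6.60.05008562). It assumes the version string has already been read from the application interface or installation directory; locating that file is product-specific and not shown.

```python
"""Decide whether an Active! mail 6 version string is in the vulnerable range
for CVE-2025-42599 (added example; boundaries taken from the advisory)."""
import re
from typing import Tuple

LAST_VULNERABLE = "6.60.05008561"  # last affected build per the advisory
FIRST_FIXED = "6.60.05008562"      # first fixed build per the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into a tuple of ints (leading zeros ignored).

    Rejects anything that is not purely dotted digits so that a garbled read
    from the installation directory fails loudly instead of passing silently.
    """
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed build is 6.60.05008561 or earlier."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE)


def is_fixed(version: str) -> bool:
    """True when the installed build is 6.60.05008562 or later."""
    return parse_version(version) >= parse_version(FIRST_FIXED)


if __name__ == "__main__":
    # Constructed sample readings, not values taken from a real installation.
    for sample in ("6.60.05008561", "6.60.05008562", "6.50.01000000", "6.60.05008570"):
        state = "VULNERABLE" if is_vulnerable(sample) else "fixed"
        print(f"{sample}: {state}")
```

Feed the function the exact string the product reports; a build like 6.60.05008570 is correctly classified as fixed even though a text comparison of the last component would not order it reliably against the boundary.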

📡 Detection & Monitoring

Log Indicators:

  • Unusual connection patterns to mail ports
  • Large or malformed requests to mail service
  • Service crashes or restarts

Network Indicators:

  • Unusual traffic patterns to mail server ports (25, 110, 143, 587, 993, 995)
  • Large payloads sent to mail service

SIEM Query:

source="mail_server" AND ((event_type="crash" OR bytes_received>10000) OR (src_ip NOT IN trusted_networks AND dest_port IN (25,110,143,587,993,995)))

The outer parentheses matter: because AND binds tighter than OR, without them the untrusted-source clause would match events from every log source, not only the mail server.
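To check the rule's behaviour before deploying it to a SIEM, the same logic can be run offline over sample records. The block below is an added example, not part of the advisory: it parses constructed key=value log lines whose field names (source, event_type, src_ip, dest_port, bytes_received) mirror the query, scopes every clause under source="mail_server", and returns the reason each record matched. The trusted networks and the log format are assumptions; a real Active! mail deployment will need its own parser for the product's log format.

```python
"""Offline evaluation of the mail-server SIEM rule over constructed log records
(added example; thresholds and ports taken from the advisory)."""
import ipaddress
import re
from typing import Dict, List, Tuple

MAIL_PORTS = {25, 110, 143, 587, 993, 995}   # ports listed in the advisory
LARGE_REQUEST_BYTES = 10000                  # threshold from the SIEM query
# Assumed trusted ranges; replace with the networks that legitimately reach the server.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log lines, not captured from a real Active! mail server.
SAMPLE_LOG = """\
source=mail_server event_type=connect src_ip=10.1.2.3 dest_port=143 bytes_received=512
source=mail_server event_type=connect src_ip=203.0.113.9 dest_port=143 bytes_received=48213
source=mail_server event_type=crash src_ip=203.0.113.9 dest_port=143 bytes_received=0
source=mail_server event_type=connect src_ip=198.51.100.7 dest_port=25 bytes_received=300
source=web_proxy event_type=connect src_ip=198.51.100.7 dest_port=25 bytes_received=60000
source=mail_server event_type=connect src_ip=10.1.2.3 dest_port=25 bytes_received=200
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_record(line: str) -> Dict[str, str]:
    """Turn one key=value line into a dict; unknown text is ignored."""
    return dict(KV.findall(line))


def is_trusted(ip: str) -> bool:
    """True when the address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def _int_field(rec: Dict[str, str], key: str) -> int:
    """Numeric field with a safe default, so a malformed record cannot crash the scan."""
    try:
        return int(rec.get(key, "0"))
    except ValueError:
        return 0


def match_reasons(rec: Dict[str, str]) -> List[str]:
    """Reasons the record matches the rule; an empty list means no match.

    Implements source="mail_server" AND (crash OR large request OR
    (untrusted source AND mail port)); records from other sources never match.
    """
    if rec.get("source") != "mail_server":
        return []
    reasons: List[str] = []
    if rec.get("event_type") == "crash":
        reasons.append("service crash")
    if _int_field(rec, "bytes_received") > LARGE_REQUEST_BYTES:
        reasons.append("large request")
    try:
        if _int_field(rec, "dest_port") in MAIL_PORTS and not is_trusted(rec["src_ip"]):
            reasons.append("untrusted source to mail port")
    except (KeyError, ValueError):
        pass  # missing or unparseable src_ip: cannot evaluate this clause
    return reasons


def scan(log_text: str) -> List[Tuple[int, List[str]]]:
    """Return (line number, reasons) for every record that matches the rule."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        reasons = match_reasons(parse_record(line))
        if reasons:
            hits.append((lineno, reasons))
    return hits


if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(reasons)}")
```

Expect the bytes_received clause to be the noisy one: a legitimate message with a large attachment exceeds 10000 bytes, so in practice that threshold is tuned against the server's normal traffic, or combined with the crash and untrusted-source clauses rather than alerted on alone.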

🔗 References
