InfoSecBulletin Cybersecurity for mankind
Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters.
Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
The vulnerability is caused by not parsing multiline RFC2231 header filenames correctly, allowing remote attackers to send harmful executable attachments to end users’ mailboxes by bypassing the protection mechanism.
“If a user were to download or run one of these malicious files, the system could be compromised,” Censys warned, adding that “a PoC is available, but no active exploitation is known yet.”
“As of July 10, 2024, Censys observes 1,567,109 publicly exposed Exim servers running a potentially vulnerable version (4.97.1 or earlier), concentrated mostly in the United States, Russia, and Canada,” the company added.
59% of the 409,255 mail servers on the Internet were running Exim, which is more than 241,000 instances.
According to Shodan, there are over 3.3 million Exim servers exposed online, most in the United States, followed by Russia and the Netherlands. Censys found 6,540,044 public mail servers online, with roughly 74% of them running Exim.
