CyberSecurity news


Bill Toulas@BleepingComputer //
A critical security vulnerability has been discovered in Active! Mail, a web-based email client popular among large Japanese organizations. The vulnerability, identified as CVE-2025-42599, is a stack-based buffer overflow that allows remote attackers to execute arbitrary code on affected systems. This flaw, which has a CVSS score of 9.8, poses a significant threat to over 2,250 organizations in Japan, potentially impacting more than 11 million accounts. The severity of this vulnerability stems from the fact that it can be exploited by unauthenticated attackers, meaning they do not need any login credentials to carry out an attack.

This zero-day remote code execution vulnerability is being actively exploited in attacks targeting large organizations in Japan. Successful exploitation of CVE-2025-42599 can lead to full server compromise, data theft, service disruption, or the installation of malware. Given that Active! Mail is a vital component in many Japanese-language business environments, including corporations, universities, government agencies, and banks, the potential impact is substantial. Active! Mail is used in over 2,250 organizations with over 11,000,000 accounts, making it a significant player in the country's business webmail market.

In response to the active exploitation of this vulnerability, Qualitia, the developer of Active! Mail, released a security bulletin and a corrective patch on April 18, 2025. Users are strongly urged to update to Active! Mail 6 BuildInfo: 6.60.06008562 as soon as possible to mitigate the risk. The Japan Computer Emergency Response Team (JPCERT) has also issued an advisory emphasizing the urgency of applying the patch. For organizations unable to update immediately, JPCERT recommends configuring Web Application Firewalls (WAF) to inspect HTTP request bodies and block excessively large multipart/form-data headers as a temporary mitigation strategy.
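The temporary mitigation described above, sketched as an added example (not code from JPCERT, Qualitia, or any WAF product): a filter that walks a multipart/form-data request body and rejects it when a part's header block or a single header line exceeds a limit. Reading "headers" as the per-part headers is an assumption, as are the function names and both size limits, since the page gives no threshold.

```python
import re

# Assumed limits for illustration only; the page gives no numbers.
MAX_PART_HEADER_BYTES = 8 * 1024   # whole header block of one part
MAX_HEADER_LINE_BYTES = 1024       # any single header line


def boundary_from_content_type(content_type):
    """Return the boundary parameter as bytes, or None if it is absent."""
    match = re.search(r'boundary="?([^";]+)"?', content_type, re.IGNORECASE)
    return match.group(1).encode("latin-1") if match else None


def inspect_multipart(content_type, body):
    """Return (allow, reason) for one HTTP request body."""
    if not content_type.lower().startswith("multipart/form-data"):
        return True, "not multipart/form-data"
    boundary = boundary_from_content_type(content_type)
    if boundary is None:
        return False, "multipart/form-data without a boundary"
    for index, part in enumerate(body.split(b"--" + boundary)[1:], start=1):
        if part.startswith(b"--"):      # closing delimiter "--boundary--"
            break
        header_block, separator, _ = part.partition(b"\r\n\r\n")
        if not separator:               # headers never end: fail closed
            return False, f"part {index}: unterminated header block"
        if len(header_block) > MAX_PART_HEADER_BYTES:
            return False, f"part {index}: header block is {len(header_block)} bytes"
        if any(len(line) > MAX_HEADER_LINE_BYTES
               for line in header_block.split(b"\r\n")):
            return False, f"part {index}: header line too long"
    return True, "ok"


def build_body(boundary, field_name):
    """Build a constructed one-field form body for the samples below."""
    return (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{field_name}"\r\n\r\n'
            "hello\r\n"
            f"--{boundary}--\r\n").encode("latin-1")


CONTENT_TYPE = "multipart/form-data; boundary=XyZ123"   # constructed sample
BENIGN = build_body("XyZ123", "subject")                # constructed sample
OVERSIZED = build_body("XyZ123", "s" * 20000)           # constructed sample

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, inspect_multipart(CONTENT_TYPE, body))
```

A filter like this is a stopgap in front of an unpatched server; limits should be tuned against legitimate traffic and removed from the critical path only after the fixed build is deployed.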



References:
  • bsky.app: An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan.
  • securityonline.info: CVE-2025-42599: Critical Buffer Overflow in Active! mail Exploited in the Wild
  • The DefendOps Diaries: Explore the critical Active! Mail vulnerability impacting over 11 million accounts, highlighting the need for robust cybersecurity measures.
  • BleepingComputer: An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan.
Classification:
  • HashTags: #zeroday #RCE #ActiveMail
  • Company: QUALITIA CO
  • Target: Japanese Organizations
  • Product: Active! Mail
  • Feature: Remote Code Execution
  • Type: 0Day
  • Severity: Critical