This isn’t the first time Exim has faced security concerns. Three years ago, the NSA issued a warning about the exploitation of an Exim vulnerability by Sandworm, a Russian state-sponsored threat actor. The NSA cautioned that this exploit allowed privileged user additions, network security settings manipulation, and the execution of additional scripts for further network exploitation, effectively granting attackers significant control over unpatched Exim MTA installations.
The pressing concern now is to promptly address this vulnerability to prevent potential exploitation by malicious actors. Server administrators are strongly encouraged to take necessary precautions to secure their Exim installations and monitor official security updates closely.
