Millions of Exim mail servers exposed to zero-day RCE attacks (Security News, September 2023)

A critical zero-day vulnerability in all versions of the Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution on Internet-exposed servers.
MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.
According to the survey, Exim is installed on more than 56% of the 602,000 mail servers reachable on the Internet, representing just over 342,000 Exim servers.
Just over 3.5 million Exim servers are currently exposed online per a Shodan search, most of them in the United States, followed by Russia and Germany.
While a patch is not yet available to secure vulnerable Exim servers against potential attacks, ZDI advised admins to restrict remote access from the Internet to thwart incoming exploitation attempts.