
CVE-2025-42599: Stack-based buffer overflow in QUALITIA CO., LTD. Active! mail 6

Critical
Published: Fri Apr 18 2025 (04/18/2025, 03:52:48 UTC)
Source: CVE
Vendor/Project: QUALITIA CO., LTD.
Product: Active! mail 6

Description

Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.

AI-Powered Analysis

AI analysis last updated: 08/05/2025, 01:09:01 UTC

Technical Analysis

CVE-2025-42599 is a critical stack-based buffer overflow vulnerability found in QUALITIA CO., LTD.'s Active! mail 6 software, specifically in versions BuildInfo: 6.60.05008561 and earlier. This vulnerability arises when the software processes a specially crafted request sent by a remote attacker without requiring any authentication or user interaction. The flaw allows the attacker to overflow a buffer on the stack, which can lead to arbitrary code execution or cause a denial-of-service (DoS) condition by crashing the application. Given the nature of stack-based buffer overflows, exploitation can enable attackers to execute malicious payloads with the privileges of the affected application, potentially leading to full system compromise. The vulnerability has a CVSS v3.0 base score of 9.8, indicating critical severity with high impact on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making it highly exploitable remotely. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component but still severe. Although no known exploits are reported in the wild yet, the criticality and ease of exploitation make it a significant threat. Active! mail 6 is an email management and communication platform used by various organizations for internal and external communications, making it a high-value target for attackers aiming to disrupt operations or gain sensitive information.
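To make the bug class in the analysis concrete, the following C listing is an added illustrative example and is not Active! mail 6 code, nor derived from the product in any way. It places the vulnerable pattern (an unbounded copy of a request field into a fixed-size stack buffer) beside the hardened pattern (length validated before any copy, oversized input rejected rather than silently truncated). The field name, the buffer size FIELD_MAX and the sample inputs are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative example of the stack-based buffer overflow class only.
 * Nothing here is taken from Active! mail 6; FIELD_MAX and the field
 * semantics are assumptions made for the demonstration. */

#define FIELD_MAX 64

/* Vulnerable pattern: copies a network-supplied field into a fixed-size
 * stack buffer with no length check. Input longer than FIELD_MAX bytes
 * overwrites adjacent stack data (saved registers, return address), which
 * is why this class can yield a crash (DoS) or code execution.
 * Returns the length of the copied field. */
int parse_field_vulnerable(const char *request_field) {
    char local[FIELD_MAX];
    strcpy(local, request_field);   /* no bound: undefined behaviour on long input */
    return (int)strlen(local);
}

/* Hardened pattern: measure the input with an explicit bound, reject
 * anything that would not fit (including the NUL terminator), and only
 * then copy. Returns the field length, or -1 if the input is rejected. */
int parse_field_hardened(const char *request_field) {
    char local[FIELD_MAX];
    size_t n = 0;
    while (n < FIELD_MAX && request_field[n] != '\0') {
        n++;
    }
    if (n >= FIELD_MAX) {
        /* Too long to fit with its terminator: reject and do not copy.
         * A real service would log this as a malformed request. */
        return -1;
    }
    memcpy(local, request_field, n + 1);
    return (int)n;
}

/* Constructs a test field of the requested length (a run of 'A' bytes),
 * used only to exercise the bound check. Caller frees the result. */
char *make_constructed_field(size_t len) {
    char *buf = malloc(len + 1);
    if (buf == NULL) {
        return NULL;
    }
    memset(buf, 'A', len);
    buf[len] = '\0';
    return buf;
}

int main(void) {
    const char *normal = "user@example.invalid";        /* constructed sample */
    char *oversized = make_constructed_field(4096);     /* constructed sample */
    if (oversized == NULL) {
        return 1;
    }

    printf("normal   -> vulnerable=%d hardened=%d\n",
           parse_field_vulnerable(normal), parse_field_hardened(normal));
    /* parse_field_vulnerable(oversized) is deliberately not called: it
     * would smash the stack. The hardened parser rejects it safely. */
    printf("oversize -> hardened=%d (rejected)\n", parse_field_hardened(oversized));

    free(oversized);
    return 0;
}
```

The defensive point is the order of operations: the hardened parser decides whether the input fits before touching the stack buffer, and a rejected field is an explicit, loggable event rather than a silent truncation, which is what the monitoring recommended later on this page would key on.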

Potential Impact

For European organizations using Active! mail 6, this vulnerability poses a severe risk. Successful exploitation could lead to unauthorized access to sensitive email communications, enabling data breaches involving confidential business information, personal data, or intellectual property. The arbitrary code execution capability could allow attackers to implant malware, establish persistent backdoors, or pivot within the network, escalating the threat beyond the initial compromise. A denial-of-service attack could disrupt critical email services, impacting business continuity and operational efficiency. Given the criticality and network-exploitable nature, attackers could target multiple organizations rapidly, potentially causing widespread disruption. This is particularly concerning for sectors with stringent data protection requirements under GDPR, as exploitation could lead to significant regulatory and reputational consequences. Additionally, the lack of authentication requirement lowers the barrier for attackers, increasing the likelihood of exploitation attempts.

Mitigation Recommendations

Organizations should immediately identify and inventory all instances of Active! mail 6 in their environment, focusing on versions BuildInfo: 6.60.05008561 and earlier. Since no patch links are currently provided, it is critical to monitor QUALITIA CO., LTD.'s official channels for security updates or patches addressing this vulnerability. In the interim, network-level mitigations should be implemented: restrict access to the Active! mail 6 service to trusted IP addresses via firewall rules, employ network intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection capable of identifying exploit attempts, and segment the network to isolate the mail server from less trusted zones. Additionally, enable detailed logging and monitoring of Active! mail 6 traffic to detect suspicious requests indicative of exploitation attempts. Organizations should also consider deploying web application firewalls (WAFs) with custom rules to block malformed requests targeting the buffer overflow. Regular backups of mail server data and configurations should be maintained to enable rapid recovery in case of compromise or DoS. Finally, conduct security awareness training for IT staff to recognize and respond to exploitation attempts promptly.


Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-04-16T11:57:12.046Z
CISA Enriched: true
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 682d983bc4522896dcbee3d5

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 8/5/2025, 1:09:01 AM

Last updated: 8/12/2025, 2:54:20 AM

Views: 17
