Exim Vulnerability

ChrisW58,

Let me research the issue for you, as I am unsure if the issue has already been addressed, or is in the works to be addressed. In the meantime, would you private message me a svc tag, as I may need to escalate this up. 

@DELL-Chris H ​ thanks Chris, have PM'd you.

Thank you. I got the PM and submitted it. 

Hi, can you tell me what the outcome was? We have the same issue and I cannot find any articles about this topic/CVE (CVE-2025-67896).

I found this article, but the CVE above is not mentioned: https://www.dell.com/support/kbdoc/en-us/000314048/dell-secure-connect-gateway-v5-28 

Our vulneribility scanner reports
Vulnerable version of Exim detected on port 25 over TCP - 220 emc.com ESMTP Exim 4.97.1 Sat, 10 Jan 2026 23:26:23 +0000

and recommends to update to version 4.99.1 or higher. 

Hunv_HB,

Would you verify that Secure Connect Gateway is running the latest version, then log in to the SCG GUI using the admin credentials and navigate to the About tab, then scroll down and verify whether any host patches are available.

If host patches are available, please apply them by taking VM snapshot and perform a system scan again.

If no host patches are available, kindly share a screenshot of the About tab for confirmation.

Let me know if this helps.

Hi Chris,

thanks for your reply.

Yes we are on the latest versions with no updates available. Question would be: What is the exim version that should be deployed in that version of the SCG.

With SCG being on version 5.32 and patches applied then it is no longer susceptible to the Exim vulnerability.  So you may want to try a rescan to see if it is remediated.