BleepingComputer reports that attacks involving a critical stack-based overflow zero-day vulnerability impacting Qualitia's web-based email client Active! mail, tracked as CVE-2025-42599, have been launched against major Japanese organizations.
Exploitation of the flaw, which could result in arbitrary code execution or denial-of-service, was suspected by Japanese web hosting and IT services providers Kagoya Japan and WADAX to have caused recent outages, resulting in the temporary takedown of the Active! mail service. "At this stage, we cannot yet guarantee the safe use of the service for our customers. Therefore, with customer safety as our top priority, we have temporarily suspended the Active! mail service as a precaution," said WADAX. At least 227 online Active! servers, more than a fifth of which are used by universities, could also be compromised through the exploit, according to Macnica security researcher Yutaka Sejiyama. Such active exploitation of the Active! mail zero-day has prompted Japan's Computer Emergency Response Team Coordination Center to urge that Active! mail instances be updated immediately and that the necessary Web Application Firewall configurations be applied.