An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan.
Active! mail is a web-based email client developed initially by TransWARE and later acquired by Qualitia, both Japanese companies.
While it is not widely used worldwide like Gmail or Outlook, Active! is often used as a groupware component in Japanese-language environments of large corporations, universities, government agencies, and banks.
According to the vendor, Active! is used in over 2,250 organizations, boasting over 11,000,000 accounts, making it a significant player in the country’s business webmail market.
Late last week, Qualitia released a security bulletin about a stack-based buffer overflow vulnerability tracked under CVE-2025-42599 (CVSS v3 score: 9.8, “critical”) impacting all versions of Active! up to and including ‘BuildInfo: 6.60.05008561’ on all supported OS platforms.
“If a maliciously crafted request is sent by a remote third party, there is a possibility of arbitrary code execution or a denial-of-service (DoS) condition being triggered,” reads the bulletin.
Although Qualitia mentions investigating whether the flaw has been exploited, Japan’s CERT has confirmed its active exploitation status, urging all users to update to Active! Mail 6 BuildInfo: 6.60.06008562 as soon as possible.
Japanese web hosting and IT services (SMB) provider Kagoya Japan reported several external attacks over the weekend, prompting it to temporarily suspend the service.
“We suspect that this issue is related to a vulnerability disclosed by QUALITIA (the developer),” reads the bulletin Kagoya published earlier.
A similar service outage following suspected exploitation attempts was also reported by web hosting and IT services provider WADAX.
“At this stage, we cannot yet guarantee the safe use of the service for our customers,” announced WADAX.
“Therefore, with customer safety as our top priority, we have temporarily suspended the Active! mail service as a precaution.”
Macnica security researcher Yutaka Sejiyama told BleepingComputer that at least 227 internet-exposed Active! servers are potentially exposed to these attacks, with 63 of them used in universities.
Japan’s CERT has proposed specific mitigation steps for those unable to apply the security update immediately, including configuring the Web Application Firewall (WAF) to enable HTTP request body inspection and block multipart/form-data headers if their size exceeds a certain threshold.
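
The sketch below shows the kind of check the WAF mitigation describes. It is an added example, not a rule published by Japan's CERT or Qualitia. It assumes that "multipart/form-data headers" means the header block of each part inside the request body, and the 1024-byte limit and function names are placeholders chosen here.

```python
from __future__ import annotations

import re

# Assumed limit in bytes: the advisory summary above gives no number, so
# tune this against the largest part headers legitimate clients send.
MAX_PART_HEADER_BYTES = 1024

_BOUNDARY_RE = re.compile(r'boundary="?([^";]+)"?', re.IGNORECASE)


def part_header_sizes(content_type: str, body: bytes) -> list[int] | None:
    """Return the header-block size in bytes of each multipart part.

    Returns None when the Content-Type carries no boundary parameter.
    A part whose header block is never terminated by a blank line is
    counted at its full length.
    """
    match = _BOUNDARY_RE.search(content_type)
    if not match:
        return None
    delimiter = b"\r\n--" + match.group(1).strip().encode("latin-1", "replace")
    sizes = []
    # Prefix CRLF so the first delimiter matches like the later ones;
    # element 0 of the split is the preamble and is skipped.
    for part in (b"\r\n" + body).split(delimiter)[1:]:
        if part.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        end = part.find(b"\r\n\r\n")
        # Each part begins with the CRLF that ends the delimiter line.
        sizes.append(len(part) if end < 0 else max(end - 2, 0))
    return sizes


def should_block(content_type: str, body: bytes,
                 limit: int = MAX_PART_HEADER_BYTES) -> bool:
    """Decide whether a request body fails the part-header size check."""
    if not content_type.lower().startswith("multipart/form-data"):
        return False  # the rule applies only to multipart/form-data
    sizes = part_header_sizes(content_type, body)
    if sizes is None:
        return True  # multipart request without a boundary: fail closed
    return any(size > limit for size in sizes)
```

The check only works if the WAF buffers and inspects the full request body, which is why the mitigation pairs it with enabling body inspection.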