CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

UBUNTU-CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

UBUNTU-CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

UBUNTU-CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel and WHM, in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

GNU Mailman 路径遍历漏洞

GNU Mailman is a free suite of software for managing email discussions and email lists from the GNU community in the United States. GNU Mailman suffers from a directory traversal vulnerability that originates from a directory traversal that results in arbitrary file reads. An attacker could use t...

PT-2025-17399 · Unknown · Gnu Mailman

Name of the Vulnerable Software and Affected Versions: GNU Mailman version 2.1.39 Description: GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the "/mailman/create" endpoint. Recommendations: For GNU Mailman version 2.1.39, consider disabling...

PT-2025-17398 · Unknown · Gnu Mailman

Name of the Vulnerable Software and Affected Versions: GNU Mailman version 2.1.39 Description: The issue allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. This occurs in certain external archiver configurations. Recommendations: F...

PT-2025-17397 · Unknown · Gnu Mailman

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions 2.1.39 Description: The issue allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman, also known as the private archive authentication endpoint, using the username...

CVE-2025-43919

CVE-2025-43919 affects GNU Mailman 2.1.39 bundled with cPanel/WHM. The vulnerability is a directory traversal in the /mailman/private/mailman endpoint, exploitable via a crafted username parameter that can read arbitrary server files (e.g., /etc/passwd). Root cause: insufficient input validation ...

CVE-2025-43920

GNU Mailman 2.1.39 (bundled with cPanel/WHM) has a command-injection risk when an external archiver is configured and the email subject line contains shell metacharacters. The root cause is unsanitized subject handling in the archiver/subject processing path, enabling unauthenticated execution of...

CVE-2025-43921

GNU Mailman 2.1.39 (bundled with cPanel/WHM) is vulnerable to unauthenticated creation of mailing lists via the /mailman/create endpoint. The root cause is missing access controls in the create CGI script, enabling arbitrary list creation by anyone. Impact described across sources includes potent...