Mailessentials Security Vulnerabilities and Issues — Mailessentials CVE List

Lucene search

GfiMailessentials

4 matches found

CVE•added 2025/04/28 7:15 p.m.•66 views

CVE-2025-34489

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service.

7.8CVSS7.8AI score0.0003EPSS

CVE•added 2025/04/28 8:15 p.m.•50 views

CVE-2025-34491

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.

8.8CVSS8.9AI score0.00114EPSS

CVE•added 2005/01/06 5:0 a.m.•46 views

CVE-2004-1312

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to re...

10CVSS6.6AI score0.00992EPSS

CVE•added 2025/04/28 7:15 p.m.•41 views

CVE-2025-34490

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.

6.5CVSS6.4AI score0.00072EPSS