Mailman@2.1.39 Security Vulnerabilities and Issues — Mailman@2.1.39 CVE List

Lucene search

GnuMailman2.1.39

3 matches found

CVE•added 2025/04/20 1:15 a.m.•72 views

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable...

7.5CVSS6.6AI score0.00103EPSS

CVE•added 2025/04/20 1:15 a.m.•63 views

CVE-2025-43920

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardles...

8.1CVSS7.2AI score0.00303EPSS

CVE•added 2025/04/20 1:15 a.m.•53 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

5.3CVSS5.3AI score0.00065EPSS