CVE-2025-43919

CVSS 5.8 · Medium EPSS 0.22% · P44 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-43919

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

路径遍历：’../filedir’

Source: NVD (National Vulnerability Database)

Vulnerability Title

GNU Mailman 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GNU Mailman是美国GNU社区的一套免费的用于管理电子邮件讨论和电子邮件列表的软件。该软件可与Web项目集成，使用户方便管理邮件订阅帐号，并提供内置归档、自动转发处理、内容过滤和反垃圾过滤器等功能。 GNU Mailman 2.1.39版本存在安全漏洞，该漏洞源于目录遍历，可能导致任意文件读取。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
GNU	Mailman	2.1.39	-

II. Public POCs for CVE-2025-43919

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/0NYX-MY7H/CVE-2025-43919	POC Details
2	A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.	https://github.com/cybersecplayground/CVE-2025-43919-POC	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-43919

请登录查看更多情报信息。

Same Patch Batch · GNU · 2025-04-20 · 3 CVEs total

CVE-2025-43920	5.4 MEDIUM	GNU Mailman 安全漏洞
CVE-2025-43921	5.3 MEDIUM	GNU Mailman 安全漏洞

IV. Related Vulnerabilities

Same product: Mailman

Same vendor: GNU

Same weakness: CWE-24

V. Comments for CVE-2025-43919

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-43919

I. Basic Information for CVE-2025-43919

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-43919

III. Intelligence Information for CVE-2025-43919

Same Patch Batch · GNU · 2025-04-20 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-43919

Leave a comment