CVE-2025-34491

High CVSS: 8.8

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.

Vendor

Gfi

Product

Mailessentials

CWE

CWE-502

Yayın Tarihi

2025-04-28 20:15:20

Güncelleme

2025-11-04 23:15:37

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-502 Mailessentials HIGH Gfi 2025

Referanslar

https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases https://www.vulncheck.com/advisories/gfi-mailessentials-multinode-insecure-deserialization

Benzer Kayıtlar

High

CVE-2026-2036

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows…

High

CVE-2026-2037

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows…

Critical

CVE-2026-2038

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attac…

Critical

CVE-2026-2039

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote atta…

Medium

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the L…

Medium

CVE-2026-23616

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing co…