CVE-2025-43920

Medium CVSS: 5.4

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

Vendor

Gnu

Product

Mailman

CWE

CWE-78

Yayın Tarihi

2025-04-20 01:15:45

Güncelleme

2025-04-28 14:15:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-78 Mailman MEDIUM Gnu 2025

Referanslar

https://code.launchpad.net/~mailman-coders/mailman/2.1 https://github.com/0NYX-MY7H/CVE-2025-43920 https://github.com/cpanel/mailman2-python3 https://www.openwall.com/lists/oss-security/2025/04/21/6

Benzer Kayıtlar

High

CVE-2026-4046

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin…

Medium

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files…

High

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the…

Medium

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the…

Medium

CVE-2026-3441

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t…

Medium

CVE-2026-3442

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read,…