CVE-2025-43919

CVSS 5.8 (Medium) · EPSS 1.4% · CWE-24
In short

GNU Mailman 2.1.39 in cPanel/WHM allows anyone to read private files by placing path traversal sequences in the private archive login form. An attacker can bypass authentication and access files they should not be able to see.

Technical detail

A path traversal vulnerability exists in the private archive authentication endpoint (/mailman/private/mailman) where the username parameter fails to properly sanitize ../ sequences, allowing unauthenticated attackers to read arbitrary files. The attack requires no authentication and exploits improper input validation, though reproducibility varies across configurations.
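The defect described above is a missing allow-list check on a parameter that later becomes part of a filesystem path. The following Python is an added illustration of the corrective control, not code from Mailman or cPanel: a strict validator for the username parameter and a root-confinement check for any archive path built from request data. The directory name, the e-mail-shaped username rule and the function names are assumptions chosen for the example.

```python
import os
import re
from typing import Optional

# Constructed example root; not a real Mailman or cPanel path.
PRIVATE_ARCHIVE_ROOT = "/var/lib/example-mailman/archives/private"

# Assumed allow-list: Mailman identifies subscribers by e-mail address, so the
# username must look like one and may never contain a path separator.
USERNAME_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def is_valid_username(username: str) -> bool:
    """Allow-list check applied to the already URL-decoded parameter.

    Rejects empty/oversized values, NUL bytes, slashes, backslashes and any
    '..' component before the regex is consulted, so traversal payloads
    never reach path construction.
    """
    if not username or len(username) > 254:
        return False
    if "\x00" in username or "/" in username or "\\" in username:
        return False
    if ".." in username:
        return False
    return USERNAME_RE.fullmatch(username) is not None


def safe_archive_path(listname: str, relative: str,
                      root: str = PRIVATE_ARCHIVE_ROOT) -> Optional[str]:
    """Resolve a requested archive file and confine it to `root`.

    Returns the canonical path when it lies under root, otherwise None.
    realpath() collapses '..' and symlinks before the containment test, so
    'a/../b' inside root is accepted while anything that climbs out is not.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, listname, relative))
    try:
        if os.path.commonpath([root_real, candidate]) != root_real:
            return None
    except ValueError:
        # Raised when the paths are on different drives/forms; treat as escape.
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request values: one legitimate, two hostile.
    for user in ("alice@example.org", "../../../etc/passwd", "bob@example.org/../x"):
        print(f"{user!r:35} valid={is_valid_username(user)}")
    print(safe_archive_path("mylist", "2025-January/index.html"))
    print(safe_archive_path("mylist", "../../../../../../etc/passwd"))
```

Both checks belong together: the validator stops the malformed parameter at the boundary, and the containment test catches any path that still escapes, for example through a symlink or a list name that was not validated. Run the decode step (the web server's or `urllib.parse.unquote`) before calling `is_valid_username`, so encoded variants of `..` are judged in their decoded form.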

(Summary generated and translated by AI from the official description.)

Official description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
GNU · Mailman
