CVE-2025-43919 Information

Apr 21, 2025 cve

Description

GNU Mailman 2.1.39 as bundled in cPanel (and WHM) allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter.

Reference

https://code.launchpad.net/~mailman-coders/mailman/2.1 https://github.com/0NYX-MY7H/CVE-2025-43919

Share on: