0NYX-MY7H - Security Researcher - Exploit Intelligence Platform

CVE-2025-43920 NOMISEC MEDIUM WRITEUP

GNU Mailman < 2.1.39 - OS Command Injection

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

1 stars

CVSS 5.4

View Code

CVE-2025-43919 NOMISEC MEDIUM WRITEUP

GNU Mailman < 2.1.39 - Path Traversal

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

CVSS 5.8

View Code

CVE-2025-43921 NOMISEC MEDIUM WRITEUP

GNU Mailman < 2.1.39 - Incorrect Authorization

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

CVSS 5.3

View Code