CVE-2025-43919

MEDIUM

GNU Mailman 2.1.1-2.1.38 - Unauthenticated Path Traversal via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-43919. PoCs published by JawadPy, cybersecplayground, 0NYX-MY7H.

AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including RCE via PIL.ImageMath.eval(), URL parsing bypass in urllib.parse, and cookie leakage in urllib3. Each exploit includes a clear PoC and technical explanation.

Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

Exploits (3)

github WORKING POC 1 stars
by JawadPy · pythonpoc
https://github.com/JawadPy/CVE-Exploit-Collection/tree/main/CVE-2025-43919.txt

This repository contains functional exploit code for multiple CVEs, including RCE via PIL.ImageMath.eval(), URL parsing bypass in urllib.parse, and cookie leakage in urllib3. Each exploit includes a clear PoC and technical explanation.

Classification
Working Poc 95%
Attack Type
Rce | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Pillow < 9.0.0, Python < 3.11.4, Flask < 2.2.5, urllib3 < 2.0.6
No auth needed
Prerequisites: Target software with vulnerable versions · Network access to the target
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC
by cybersecplayground · poc
https://github.com/cybersecplayground/CVE-2025-43919-POC

This repository contains a working proof-of-concept exploit for CVE-2025-43919, a directory traversal vulnerability in GNU Mailman 2.1.39. The exploit allows unauthenticated remote attackers to read arbitrary files on the server via a crafted POST request to the `/mailman/private/mailman` endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: GNU Mailman 2.1.39 (cPanel/WHM)
No auth needed
Prerequisites: Vulnerable GNU Mailman 2.1.39 instance · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by 0NYX-MY7H · poc
https://github.com/0NYX-MY7H/CVE-2025-43919

This repository contains a detailed writeup for CVE-2025-43919, a directory traversal vulnerability in GNU Mailman 2.1.39 (bundled with cPanel/WHM). The vulnerability allows unauthenticated attackers to read arbitrary files on the server via crafted POST requests to the `/mailman/private/mailman` endpoint.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: GNU Mailman 2.1.39 (cPanel/WHM Bundle)
No auth needed
Prerequisites: Access to the target's `/mailman/private/mailman` endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 5.8
EPSS 0.0135
EPSS Percentile 67.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22 CWE-24
Status published
Products (1)
gnu/mailman 2.1.1 - 2.1.39
Published Apr 20, 2025
Tracked Since Feb 18, 2026