CVE-2025-43920

MEDIUM

GNU Mailman 2.1.1-2.1.38 - Unauthenticated OS Command Injection via Email Subject Line


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-43920. PoCs published by 0NYX-MY7H.

AI-analyzed exploit summary

This repository contains a detailed writeup for CVE-2025-43920, a command injection vulnerability in GNU Mailman 2.1.39 (cPanel/WHM bundle) via email subject lines when external archivers are configured. The PoC demonstrates how shell metacharacters in the subject can lead to arbitrary command execution.

Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

Exploits (1)

nomisec · writeup · 1 star
by 0NYX-MY7H · poc
https://github.com/0NYX-MY7H/CVE-2025-43920


Classification
Writeup 100%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target: GNU Mailman 2.1.39 (bundled with cPanel/WHM)
No auth needed
Prerequisites: External archiver configured in Mailman · Ability to send emails to the target mailing list · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.4
EPSS 0.0049
EPSS Percentile 38.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-78
Status published
Products (1)
gnu/mailman 2.1.1 - 2.1.39
Published Apr 20, 2025
Tracked Since Feb 18, 2026