CVE-2025-43921

MEDIUM

GNU Mailman 2.1.1-2.1.38 - Unauthenticated List Creation via /mailman/create Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-43921. PoCs published by 0NYX-MY7H.

AI-analyzed exploit summary: The repository provides a detailed writeup and proof-of-concept for CVE-2025-43921, an authentication bypass vulnerability in GNU Mailman 2.1.39 (bundled with cPanel/WHM) that allows unauthenticated attackers to create mailing lists via the `/mailman/create` endpoint.

Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

Exploits (1)

nomisec WRITEUP
by 0NYX-MY7H · poc
https://github.com/0NYX-MY7H/CVE-2025-43921

Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GNU Mailman 2.1.39 (cPanel/WHM bundle)
Authentication: No auth needed
Prerequisites: Access to the `/mailman/create` endpoint on a vulnerable GNU Mailman instance
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 5.3
EPSS 0.0038
EPSS Percentile 29.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (1)
gnu/mailman 2.1.1 - 2.1.39
Published Apr 20, 2025
Tracked Since Feb 18, 2026