CVE-2025-43921 PUBLISHED

Assigner: mitre
Reserved: 19.04.2025 Published: 20.04.2025 Updated: 20.04.2025

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 5.3

Product Status

Vendor GNU
Product Mailman
Versions Default: unknown
  • Version 2.1.39 is affected

References

Problem Types

  • CWE-863 Incorrect Authorization CWE