CVE-2025-43921

CWE-863Incorrect Authorization4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 38.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Mailman
Timeline
PublishedApr 20

Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDgnu/mailman2.1.12.1.39
CVEListV5gnu/mailman2.1.39

🔴Vulnerability Details

3
CVEList
CVE-2025-43921: GNU Mailman 22025-04-20
GHSA
GHSA-ch5j-3wwr-pjvh: GNU Mailman 22025-04-20
OSV
CVE-2025-43921: GNU Mailman 22025-04-20
CVE-2025-43921 (MEDIUM CVSS 5.3) | GNU Mailman 2.1.39 | cvebase.io