Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

Remediation

References

CVE-2025-43920

Related Vulnerabilities

WordPress Plugin WP Table Builder-WordPress Table Cross-Site Scripting (1.4.6)

Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)

IBM RTC CVE-2020-4964 Vulnerability (CVE-2020-4964)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-18210)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0828)

Severity

High

Classification

CVE-2025-43920 CWE-138 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities