Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.

Remediation

References

CVE-2025-43920

Related Vulnerabilities

WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)

WordPress Plugin EELV Newsletter Cross-Site Scripting (3.3.0)

Plone CMS Improper Input Validation Vulnerability (CVE-2013-4197)

WordPress Plugin WPBakery Page Builder Clipboard Cross-Site Scripting (4.5.5)

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-18113)

Severity

High

Classification

CVE-2025-43920 CWE-138 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities