WEB APPLICATION VULNERABILITIES Standard & Premium

Mailman Incorrect Authorization Vulnerability (CVE-2025-43921)

Description

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.

Remediation

References

Related Vulnerabilities

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6379)

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)

WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)

Sqlite Improper Initialization Vulnerability (CVE-2020-11655)

WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)

Severity

Medium

Classification

CVE-2025-43921 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities