CVE-2025-43921

EUVD-2025-12590
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
5.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
gnumailman
2.1.1 ≤
𝑥
≤ 2.1.39
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://code.launchpad.net/~mailman-coders/mailman/2.1
https://github.com/0NYX-MY7H/CVE-2025-43921
https://github.com/cpanel/mailman2-python3
https://www.openwall.com/lists/oss-security/2025/04/21/6