GNU Mailman Directory Traversal Vulnerability in cPanel and WHM

Vulnerability

A directory traversal vulnerability has been identified in GNU Mailman version 2.1.39, which is included with cPanel and WHM. This vulnerability allows unauthenticated attackers to read arbitrary files by exploiting the private archive authentication endpoint. The issue arises from the username parameter, which can be manipulated to traverse directories and access restricted files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

3.3

exploitability

9.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

3.3

exploitability

9.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GNU Mailman Directory Traversal Vulnerability in cPanel and WHM

Vulnerability

Impact

Affected Products

GNU Mailman

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating