GNU Mailman List Creation Vulnerability in cPanel and WHM

Vulnerability

A vulnerability in GNU Mailman version 2.1.39, as included with cPanel and WHM, allows unauthenticated attackers to create mailing lists through the /mailman/create endpoint. However, multiple third parties have reported being unable to reproduce this issue, regardless of whether cPanel or WHM is used.

Impact

Exploitation of this vulnerability allows for unauthorized creation of mailing lists.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

8.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

8.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GNU Mailman List Creation Vulnerability in cPanel and WHM

Vulnerability

Impact

Affected Products

GNU Mailman

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating