CVE-2025-34490
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GFI | MailEssentials | 0 < 21.8 | affected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html
- https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases
- https://www.vulncheck.com/advisories/gfi-mailessentials-xxe-arbitrary-file-read
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.