Описание
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-34490
- https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html
- https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases
- https://www.vulncheck.com/advisories/gfi-mailessentials-xxe-arbitrary-file-read
Связанные уязвимости
CVSS3: 6.5
nvd
10 месяцев назад
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.