8.8
CVE-2025-34491
- EPSS 0.74%
- Veröffentlicht 28.04.2025 19:20:02
- Zuletzt bearbeitet 04.11.2025 23:15:37
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
GFI MailEssentials < 21.8 MultiNode Insecure Deserialization
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gfi ≫ Mailessentials Version < 21.8
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.74% | 0.501 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html
https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases
https://www.vulncheck.com/advisories/gfi-mailessentials-multinode-insecure-deserialization