Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-34490

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.

Published

2025-04-28T19:15:47.050

Last Modified

2025-05-10T00:58:59.130

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-611
Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gfi	mailessentials	< 21.8	Yes

References

https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html Exploit ([email protected])
https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases Release Notes ([email protected])