CVE-2025-34490

Severity CVSS v4.0:
Pending analysis
Type:
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
28/04/2025
Last modified:
10/05/2025

Description

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gfi:mailessentials:*:*:*:*:*:*:*:* 21.8 (excluding)