CVE-2025-34490
MEDIUM WAF: High
CVSS 6.5
Published: 2025-04-28
CWE-611 CWE-611
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| gfi | mailessentials | up to 21.8 |
References
- frycos.github.io (Exploit)
- gfi.ai (Release Notes)
- www.vulncheck.com