CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-34491 – GFI MailEssentials MultiNode Insecure Deserialization
https://notcve.org/view.php?id=CVE-2025-34491
28 Apr 2025 — GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup. • https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-34490 – GFI MailEssentials XXE Vulnerability
https://notcve.org/view.php?id=CVE-2025-34490
28 Apr 2025 — GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. • https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-34489 – GFI MailEssentials Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-34489
28 Apr 2025 — GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. • https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2004-1312
https://notcve.org/view.php?id=CVE-2004-1312
03 Jan 2005 — A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. • http://kbase.gfi.com/showarticle.asp?id=KBID002249 •