Vulnerabilities > CVE-2025-34491 - Deserialization of Untrusted Data vulnerability in GFI Mailessentials

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gfi

CWE-502

NVD

Published: 2025-04-28

Updated: 2025-05-10

Summary

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.

Vulnerable Configurations

Part	Description	Count
Application	Gfi GFI Mailessentials 20 GFI Mailessentials 20.1 GFI Mailessentials 20.2 GFI Mailessentials 20.3 GFI Mailessentials 21.0 GFI Mailessentials 21.1 GFI Mailessentials 21.2 GFI Mailessentials 21.3 GFI Mailessentials 21.4 GFI Mailessentials 21.5 GFI Mailessentials 21.6 GFI Mailessentials 21.7	30

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References