Gfi: >> Mailessentials >> 21.5 Security Vulnerabilities
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-04-28
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-28
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-04-28