CVE-2025-43920

Name of the Vulnerable Software and Affected Versions GNU Mailman version 2.1.39

Description The issue allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. This occurs in certain external archiver configurations.

Recommendations For GNU Mailman version 2.1.39, consider disabling the processing of email Subject lines that contain shell metacharacters until a patch is available. Restrict access to the email archiver module to minimize the risk of exploitation. Avoid using the email Subject line in the affected configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.