CVE-2025-34489

Published: Apr 28, 2025Modified: Nov 4, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service.

Affected (1)

Products: Gfi: Mailessentials

Gfi

1 product

Mailessentials

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gfi Mailessentials	Before 21.8

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (3)

https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html

Source: disclosure@vulncheck.com

Exploit

https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases

Source: disclosure@vulncheck.com

Release Notes

https://www.vulncheck.com/advisories/gfi-mailessentials-local-privilege-escalation

Source: disclosure@vulncheck.com

Timeline

No history available yet.