Question
Information on 3 Mailman vulnerabilities was recently released. Is the cPanel software vulnerable?
Answer
Not that we are aware of. We have briefly tested the Proof of Concept (PoC) for each and haven't been able to reproduce them. However, we are further investigating to make sure that this is indeed the case. This article will be updated as more information is discovered.
Update: April 28, 2025
Webpros/cPanel has investigated these claims, both internally and via third party subject-matter experts. We are currently unable to reproduce the claims using the information provided. Additionally, we can find no record of the reporter contacting us via any of our well-known methods. We have contacted the Mailman maintainers, and they do not show any records of an attempted contact from the reporters either. We have attempted to contact the reporter multiple times via their publicly listed email addresses and have received no response. We do not consider these vulnerabilities to be valid. We will be taking no further action unless new information is provided.
Comments
0 comments
Article is closed for comments.