Local Privilege Escalation in GFI MailEssentials by GFI Software
CVE-2025-34489

7.8HIGH

Key Information:

Vendor: Gfi
Status: Mailessentials
Vendor: CVE Published:; 28 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34489?

A local privilege escalation vulnerability in GFI MailEssentials prior to version 21.8 allows a local attacker to gain elevated privileges. By sending a crafted serialized payload to a .NET Remoting Service, the attacker can escalate their privileges to that of the NT Authority/SYSTEM. This vulnerability can potentially lead to unauthorized access and control over the affected system, posing significant risks to the integrity and security of the environment.

Affected Version(s)

MailEssentials 0 < 21.8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34489 - Proof of Concept

References

https://frycos.github.io/vulns4free/2025/04/28/mailessent...

technical-descriptionexploit

https://gfi.ai/products-and-solutions/network-security-so...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 28, 2025
👾
Exploit known to exist
Apr 28, 2025
Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Frycos

Gfi

Badges

What is CVE-2025-34489?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit