{"vulnerability": "CVE-2025-34490", "sightings": [{"uuid": "4213908a-cb46-4b55-b542-ecff97977962", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34490", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnvqh3sltl2s", "content": "", "creation_timestamp": "2025-04-28T21:45:27.396056Z"}, {"uuid": "71b6ef4d-a605-4c7d-acaf-dec71cf054a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34490", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13723", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-34490\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files.\n\ud83d\udccf Published: 2025-04-28T19:02:03.532Z\n\ud83d\udccf Modified: 2025-04-28T19:02:03.532Z\n\ud83d\udd17 References:\n1. https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html\n2. https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases", "creation_timestamp": "2025-04-28T19:11:25.000000Z"}, {"uuid": "c9a1946b-30f5-4851-bf7c-6444af3c7907", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-34490", "type": "seen", "source": "https://t.me/cvedetector/23934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-34490 - GFI MailEssentials XXE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-34490 \nPublished : April 28, 2025, 7:15 p.m. | 24\u00a0minutes ago \nDescription : GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-28T22:25:51.000000Z"}]}