CVE-2025-40630

Medium CVSS: 5.1

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “ https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e” https://icewarp.domain.com///%2e%2e” . This vulnerability has been tested in Firefox.

Vendor

Icewarp

Product

Mail Server

CWE

CWE-601

Yayın Tarihi

2025-05-16 11:15:44

Güncelleme

2025-10-09 19:32:14

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-601 Mail Server MEDIUM Icewarp 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server

Benzer Kayıtlar

Low

CVE-2025-40631

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header a…

Low

CVE-2025-40632

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to mod…

Medium

CVE-2024-55218

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.