CVE-2025-40631

Low CVSS: 2.0

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.

Vendor

Icewarp

Product

Mail Server

CWE

CWE-644

Yayın Tarihi

2025-05-16 11:15:45

Güncelleme

2025-10-09 19:31:54

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-644 Mail Server LOW Icewarp 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server

Benzer Kayıtlar

Low

CVE-2025-40632

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to mod…

Medium

CVE-2025-40630

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to…

Medium

CVE-2024-55218

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.