CVE-2025-68721

High CVSS: 8.1

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.

Vendor

Axigen

Product

Axigen Mail Server

CWE

CWE-284

Yayın Tarihi

2026-02-05 16:15:50

Güncelleme

2026-02-13 15:15:57

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Axigen Mail Server HIGH Axigen 2026

Referanslar

https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access-Control-Vulnerability-CVE-2025-68721-_406.html https://www.axigen.com/mail-server/download/ https://github.com/osmancanvural/CVE-2025-68721

Benzer Kayıtlar

Medium

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account pre…

Critical

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin in…

High

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability i…