CVE-2025-68721
Improper Access Control in Axigen WebAdmin Enables SSL Certificate Manipulation

Publication date: 2026-02-05

Last updated on: 2026-02-13

Assigner: MITRE

Description
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor   Product              Version / Range
axigen   axigen_mail_server   From 10.3.0 (inclusive) to 10.5.57 (exclusive)
axigen   axigen_mail_server   From 10.6.0 (inclusive) to 10.6.26 (exclusive)
CWE ID    Description
CWE-284   The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-68721 is an improper access control vulnerability in the Axigen Mail Server's WebAdmin interface affecting versions before 10.5.57. It allows a delegated admin account with zero permissions to bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint.

This means an attacker with such an account can view, download, upload, and delete SSL certificate files without having the necessary privileges to access this sensitive section. [2]


How can this vulnerability impact me?

Exploiting this vulnerability can have serious impacts, including man-in-the-middle attacks, service disruption, domain impersonation, and privilege escalation.

Additionally, attackers can leverage existing cross-site scripting (XSS) vulnerabilities on the SSL Certificates page to target other administrator accounts, potentially leading to full system compromise.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate step to mitigate this vulnerability is to update Axigen WebAdmin to a fixed version.

  • Upgrade to Axigen WebAdmin version 10.5.57 or later if you are using the 10.5.x branch.
  • Upgrade to Axigen WebAdmin version 10.6.26 or later if you are using the 10.6.x branch.

Applying these updates will fix the improper access control vulnerability that allows delegated admin accounts with zero permissions to access and manipulate SSL certificate files.

