CVE-2025-68721
Unknown Unknown - Not Provided

Improper Access Control in Axigen WebAdmin Enables SSL Certificate Manipulation

Vulnerability report for CVE-2025-68721, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-05

Last updated on: 2026-02-13

Assigner: MITRE

Description

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-05
Last Modified
2026-02-13
Generated
2026-07-06
AI Q&A
2026-02-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
axigen axigen_mail_server From 10.3.0 (inc) to 10.5.57 (exc)
axigen axigen_mail_server From 10.6.0 (inc) to 10.6.26 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-68721 is an improper access control vulnerability in the Axigen Mail Server's WebAdmin interface affecting versions before 10.5.57. It allows a delegated admin account with zero permissions to bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint."}, {'type': 'paragraph', 'content': 'This means an attacker with such an account can view, download, upload, and delete SSL certificate files without having the necessary privileges to access this sensitive section.'}] [2]

Impact Analysis

Exploiting this vulnerability can have serious impacts including man-in-the-middle attacks, service disruption, domain impersonation, and privilege escalation.

Additionally, attackers can leverage existing cross-site scripting (XSS) vulnerabilities on the SSL Certificates page to target other administrator accounts, potentially leading to full system compromise.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to update Axigen WebAdmin to a fixed version.

  • Upgrade to Axigen WebAdmin version 10.5.57 or later if you are using the 10.5.x branch.
  • Upgrade to Axigen WebAdmin version 10.6.26 or later if you are using the 10.6.x branch.

Applying these updates will fix the improper access control vulnerability that allows delegated admin accounts with zero permissions to access and manipulate SSL certificate files.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68721. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart