CVE-2025-68723
Stored XSS in Axigen Mail Server WebAdmin Enables Privilege Escalation

Publication date: 2026-02-05

Last updated on: 2026-02-13

Assigner: MITRE

Description
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-02-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
axigen | axigen_mail_server | From 10.3.0 (inc) to 10.5.57 (exc)
axigen | axigen_mail_server | From 10.6.0 (inc) to 10.6.26 (exc)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-68723 is a set of multiple stored Cross-Site Scripting (XSS) vulnerabilities found in the Axigen Mail Server's WebAdmin interface before version 10.5.57.

These vulnerabilities occur in three specific areas: the log file name parameter in the Local Services Log page, the certificate file content in the SSL Certificates View Usage feature, and the Certificate File name parameter in the WebMail Listeners SSL settings.

Attackers with low-privileged delegated admin accounts can inject malicious JavaScript payloads that execute in the browsers of high-privileged administrators when they access the affected pages or features.

This allows attackers to escalate their privileges by forcing high-privileged admins to perform unauthorized actions within the administrative interface. [1]


How can this vulnerability impact me?

This vulnerability can have serious impacts by allowing attackers with low-level admin access to escalate their privileges to full administrative control.

Exploitation enables attackers to execute arbitrary JavaScript in the context of high-privileged administrators, which can lead to unauthorized actions such as granting full permissions to attacker-controlled accounts, modifying system configurations, or accessing sensitive data.

Because the malicious scripts are stored and persist in the system, all administrators who access the compromised pages can be affected, increasing the risk of widespread administrative compromise.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of CVE-2025-68723 involves inspecting the Axigen WebAdmin interface for malicious JavaScript payloads injected into specific components.

  • Check the Local Services Log page for suspicious or unexpected script content in log file name parameters.
  • Review SSL certificate files uploaded via the SSL Certificates View Usage feature for embedded JavaScript or unusual content.
  • Examine the Certificate File name parameters in the WebMail Listeners SSL settings for injected scripts.

Since the vulnerability is stored XSS, manual inspection of these fields in the WebAdmin interface is necessary. Automated scanning tools or custom scripts that parse these parameters for script tags or JavaScript code may assist detection.

No specific commands are provided in the available resources for detection.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update the Axigen Mail Server to a fixed version.

  • Upgrade to Axigen version 10.5.57 or later if using the 10.5.x branch.
  • Alternatively, upgrade to Axigen version 10.6.26 or later if using the 10.6.x branch.

These updates contain fixes that address the stored XSS vulnerabilities in the WebAdmin interface.

Until the update is applied, restrict access to the WebAdmin interface to trusted administrators only and monitor for suspicious activity.
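The detection and mitigation answers above suggest two checks a defender can script: whether an installed build falls inside the affected version ranges listed on this page, and whether the three stored WebAdmin fields named in the advisory carry HTML or script markup. The helper below is an added example, not code from the advisory or from Axigen; the field names and the sample values are constructed for illustration.

```python
"""Added example (not from the advisory or Axigen): version-range check against the
CPE ranges quoted on this page, plus a markup scan over exported WebAdmin field values."""
import re

# Affected ranges from the page's CPE data, as [first affected, first fixed) per branch.
AFFECTED_RANGES = (((10, 3, 0), (10, 5, 57)), ((10, 6, 0), (10, 6, 26)))

def parse_version(text):
    """'10.5.56' -> (10, 5, 56); any components after the third are ignored."""
    parts = re.findall(r"\d+", text)
    if len(parts) < 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])

def is_affected(version_text):
    """True when the version lies in either affected branch range."""
    v = parse_version(version_text)
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)

# Markup that has no legitimate place in a file name or a PEM certificate body:
# an opening/closing tag, a javascript: URL, or an on*= event-handler attribute.
# The on*= pattern can match ordinary words such as "one=", so review hits by hand.
_MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

def flag_stored_value(field, value):
    """Return a finding for a stored value that looks like injected markup, else None."""
    m = _MARKUP.search(value)
    if not m:
        return None
    return {"field": field, "match": m.group(0), "offset": m.start()}

def audit(fields):
    """fields: mapping of WebAdmin field name -> stored value exported by the admin."""
    return [f for f in (flag_stored_value(k, v) for k, v in fields.items()) if f]

# Constructed sample export of the three fields the advisory names (hypothetical keys).
SAMPLE_FIELDS = {
    "local_services_log_file_name": "services.log",
    "webmail_listener_cert_file_name": 'mail.pem"><script>x</script>',
    "ssl_certificate_content": "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----",
}

if __name__ == "__main__":
    for v in ("10.5.56", "10.5.57", "10.6.25", "10.6.26", "10.2.9"):
        print(v, "affected" if is_affected(v) else "not affected")
    for finding in audit(SAMPLE_FIELDS):
        print("suspicious stored value:", finding)
```

The scan is a triage aid only: a clean result does not prove the fields are safe, and the upgrade to 10.5.57 or 10.6.26 remains the fix.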

