CVE-2025-68723
Unknown Unknown - Not Provided
Stored XSS in Axigen Mail Server WebAdmin Enables Privilege Escalation

Publication date: 2026-02-05

Last updated on: 2026-02-13

Assigner: MITRE

Description
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-13
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68723
EUVD
EUVD-2025-206861
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
axigen axigen_mail_server From 10.3.0 (inc) to 10.5.57 (exc)
axigen axigen_mail_server From 10.6.0 (inc) to 10.6.26 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-68723 is a set of multiple stored Cross-Site Scripting (XSS) vulnerabilities found in the Axigen Mail Server's WebAdmin interface before version 10.5.57."}, {'type': 'paragraph', 'content': 'These vulnerabilities occur in three specific areas: the log file name parameter in the Local Services Log page, the certificate file content in the SSL Certificates View Usage feature, and the Certificate File name parameter in the WebMail Listeners SSL settings.'}, {'type': 'paragraph', 'content': 'Attackers with low-privileged delegated admin accounts can inject malicious JavaScript payloads that execute in the browsers of high-privileged administrators when they access the affected pages or features.'}, {'type': 'paragraph', 'content': 'This allows attackers to escalate their privileges by forcing high-privileged admins to perform unauthorized actions within the administrative interface.'}] [1]

Impact Analysis

This vulnerability can have serious impacts by allowing attackers with low-level admin access to escalate their privileges to full administrative control.

Exploitation enables attackers to execute arbitrary JavaScript in the context of high-privileged administrators, which can lead to unauthorized actions such as granting full permissions to attacker-controlled accounts, modifying system configurations, or accessing sensitive data.

Because the malicious scripts are stored and persist in the system, all administrators who access the compromised pages can be affected, increasing the risk of widespread administrative compromise.

Compliance Impact

I don't know

Detection Guidance

Detection of CVE-2025-68723 involves inspecting the Axigen WebAdmin interface for malicious JavaScript payloads injected into specific components.

  • Check the Local Services Log page for suspicious or unexpected script content in log file name parameters.
  • Review SSL certificate files uploaded via the SSL Certificates View Usage feature for embedded JavaScript or unusual content.
  • Examine the Certificate File name parameters in the WebMail Listeners SSL settings for injected scripts.

Since the vulnerability is stored XSS, manual inspection of these fields in the WebAdmin interface is necessary. Automated scanning tools or custom scripts that parse these parameters for script tags or JavaScript code may assist detection.

No specific commands are provided in the available resources for detection.

Mitigation Strategies

The primary mitigation step is to update the Axigen Mail Server to a fixed version.

  • Upgrade to Axigen version 10.5.57 or later if using the 10.5.x branch.
  • Alternatively, upgrade to Axigen version 10.6.26 or later if using the 10.6.x branch.

These updates contain fixes that address the stored XSS vulnerabilities in the WebAdmin interface.

Until the update is applied, restrict access to the WebAdmin interface to trusted administrators only and monitor for suspicious activity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68723. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart