Cross-Site Scripting Vulnerability in IceWarp gmaps
CVE-2025-14499
8.8HIGH
What is CVE-2025-14499?
The IceWarp gmaps application suffers from a Cross-Site Scripting vulnerability due to inadequate validation of user-supplied data in a specific parameter. This flaw can be exploited by attackers, requiring user interaction through visits to malicious web pages or files, allowing the potential for an authentication bypass. Proper mitigation and prompt updates are critical for users to safeguard their installations against external threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
IceWarp 14.2.0.5
References
CVSS V3.0
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
