Cross-Site Scripting Vulnerability in IceWarp gmaps
CVE-2025-14499

8.8HIGH

Key Information:

Vendor: Icewarp
Status: Icewarp
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14499?

The IceWarp gmaps application suffers from a Cross-Site Scripting vulnerability due to inadequate validation of user-supplied data in a specific parameter. This flaw can be exploited by attackers, requiring user interaction through visits to malicious web pages or files, allowing the potential for an authentication bypass. Proper mitigation and prompt updates are critical for users to safeguard their installations against external threats.

Affected Version(s)

IceWarp 14.2.0.5

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1071/

x_research-advisory

https://support.icewarp.com/hc/en-us/community/posts/4004...

vendor-advisory

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON

Icewarp

What is CVE-2025-14499?

Affected Version(s)

References

CVSS V3.0

Timeline