Remote Code Execution Vulnerability in IceWarp by IceWarp Limited
CVE-2025-14500

9.8CRITICAL

Key Information:

Vendor: Icewarp
Status: Icewarp
Vendor: CVE Published:; 23 December 2025

What is CVE-2025-14500?

The IceWarp product has a vulnerability that allows remote attackers to execute arbitrary code due to improper validation of the X-File-Operation header. This flaw permits unauthorized command execution on affected installations without requiring authentication, leading to potential full access to the system. Attackers can exploit this vulnerability to run arbitrary commands in the context of the operating system, posing serious risks to data security and system integrity. For further details, refer to the ZDI advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IceWarp 14.2.0.5

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1072/

x_research-advisory

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2025
Vulnerability Reserved
Dec 10, 2025

JSON

Icewarp

What is CVE-2025-14500?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.