Stored XSS Vulnerabilities in Axigen Mail Server WebAdmin Interface

CVE-2025-68723

What is CVE-2025-68723?

Axigen Mail Server versions before 10.5.57 are susceptible to multiple stored Cross-Site Scripting (XSS) vulnerabilities within the WebAdmin interface. These vulnerabilities exist in various features, including the log file name parameter on the Local Services Log page, the content of certificate files in the SSL Certificates View Usage, and the Certificate File name parameter in WebMail Listeners SSL settings. Attackers can exploit these vulnerabilities by injecting malicious JavaScript payloads, which can execute in the browsers of administrators who access the compromised pages. This can lead to privilege escalation, allowing low-privileged administrators to coerce high-privileged administrators into executing unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References