CVE-2025-68723

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57

Description Axigen Mail Server contains multiple stored Cross-Site Scripting (XSS) issues within the WebAdmin interface. These issues exist in three areas: the log file name parameter on the Local Services Log page, certificate file content in the SSL Certificates View Usage feature, and the Certificate File name parameter in the WebMail Listeners SSL settings. Successful exploitation allows attackers to inject malicious JavaScript payloads that execute in administrators' browsers when accessing affected pages or features. This can lead to privilege escalation, enabling low-privileged administrators to force high-privileged administrators to perform unauthorized actions. The vulnerable parameters include the log file name, certificate file content, and Certificate File name.

Recommendations Update Axigen Mail Server to version 10.5.57 or later.