CVE-2025-40631

Name of the Vulnerable Software and Affected Versions: Icwarp Mail Server version 11.4.0

Description: The issue allows for HTTP host header injection, enabling the execution of arbitrary JavaScript code on page load when a user interacts with a malicious link. This is achieved by modifying the Host header and adding a payload.

Recommendations: For Icewarp Mail Server version 11.4.0, consider restricting access to the Host header modification functionality until a patch is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation.