PT-2026-6560 · Axigen · Axigen Mail Server

Published: 2026-02-05 · Updated: 2026-02-13 · CVE-2025-68721

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.57

Description: Axigen Mail Server contains an improper access control issue in the WebAdmin interface. A delegated admin account with no permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows an attacker to view, download, upload, and delete SSL certificate files, even without the required privileges to access the Security & Filtering section.

Recommendations: Update to version 10.5.57 or later.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2025-68721

Affected Products: Axigen Mail Server