CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.8%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2025-68721

Axigen » Axigen Mail Server » Version: Any

cpe:2.3:a:axigen:axigen_mail_server:*
Axigen » Axigen Mail Server » Version: 10.3.0

cpe:2.3:a:axigen:axigen_mail_server:10.3.0
Axigen » Axigen Mail Server » Version: 10.3.1.27

cpe:2.3:a:axigen:axigen_mail_server:10.3.1.27
Axigen » Axigen Mail Server » Version: 10.3.2.0

cpe:2.3:a:axigen:axigen_mail_server:10.3.2.0
Axigen » Axigen Mail Server » Version: 10.3.3.1

cpe:2.3:a:axigen:axigen_mail_server:10.3.3.1
Axigen » Axigen Mail Server » Version: 10.3.3.52

cpe:2.3:a:axigen:axigen_mail_server:10.3.3.52
Axigen » Axigen Mail Server » Version: 10.5.7

cpe:2.3:a:axigen:axigen_mail_server:10.5.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-68721

Products

Pricing

Contact Us