CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.7%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2025-68722

Axigen » Axigen Mail Server » Version: Any

cpe:2.3:a:axigen:axigen_mail_server:*
Axigen » Axigen Mail Server » Version: 10.3.0

cpe:2.3:a:axigen:axigen_mail_server:10.3.0
Axigen » Axigen Mail Server » Version: 10.3.1.27

cpe:2.3:a:axigen:axigen_mail_server:10.3.1.27
Axigen » Axigen Mail Server » Version: 10.3.2.0

cpe:2.3:a:axigen:axigen_mail_server:10.3.2.0
Axigen » Axigen Mail Server » Version: 10.3.3.1

cpe:2.3:a:axigen:axigen_mail_server:10.3.3.1
Axigen » Axigen Mail Server » Version: 10.3.3.52

cpe:2.3:a:axigen:axigen_mail_server:10.3.3.52
Axigen » Axigen Mail Server » Version: 10.5.7

cpe:2.3:a:axigen:axigen_mail_server:10.5.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-68722

Products

Pricing

Contact Us