Cyber Resilience

CVE-2025-68721

High

Published: 05 February 2026

Published
05 February 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0031 22.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-68721 is a high-severity Improper Access Control (CWE-284) vulnerability in Axigen Axigen Mail Server. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-68721 is an improper access control vulnerability (CWE-284) affecting Axigen Mail Server versions prior to 10.5.57, specifically in the WebAdmin interface. A delegated administrator account configured with zero permissions can bypass access control checks to reach the SSL Certificates management endpoint (page=sslcerts). This flaw enables unauthorized handling of sensitive SSL certificate files, despite the account lacking privileges for the Security & Filtering section. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and was published on 2026-02-05.

Exploitation requires low-privilege network access as a delegated admin account, with low attack complexity and no user interaction needed. An attacker can leverage this to view, download, upload, and delete SSL certificate files, potentially compromising confidentiality and integrity of cryptographic materials used by the mail server. Successful exploitation could facilitate man-in-the-middle attacks, certificate replacement, or exposure of private keys.

Axigen advisories recommend upgrading to version 10.5.57 or later to mitigate the issue, as detailed in their knowledgebase article at https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access-Control-Vulnerability-CVE-2025-68721-_406.html and download page at https://www.axigen.com/mail-server/download/. A proof-of-concept is available on GitHub at https://github.com/osmancanvural/CVE-2025-68721.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows…

more

the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.004 Private Keys Credential Access
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Why these techniques?

Vulnerability is a web-based access control bypass in a mail server admin interface (T1190), directly enabling unauthorized access/exfiltration of private SSL keys (T1552.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-68722Same product: Axigen Axigen Mail Server
CVE-2025-68723Same product: Axigen Axigen Mail Server
CVE-2026-7198Shared CWE-284
CVE-2026-46818Shared CWE-284
CVE-2025-70363Shared CWE-284
CVE-2026-34310Shared CWE-284
CVE-2026-46839Shared CWE-284
CVE-2026-34287Shared CWE-284
CVE-2026-44277Shared CWE-284
CVE-2025-66509Shared CWE-284

Affected Assets

axigen
axigen mail server
10.3.0 — 10.5.57 · 10.6.0 — 10.6.26

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for logical access to system resources in accordance with access control policies, directly preventing the bypass of checks allowing zero-privilege delegated admins to access the SSL certificates endpoint.

prevent

Employs least privilege by restricting access to only authorized functions, limiting the potential impact of improper access control bypasses in the WebAdmin interface.

prevent

Identifies, reports, and remediates system flaws such as this improper access control vulnerability by applying vendor patches like the upgrade to Axigen 10.5.57.

References