Cyber Resilience

CVE-2025-68723

Severity: Critical
Published: 05 February 2026
Modified: 13 February 2026
CISA KEV: not listed
Patch: available (upgrade to 10.5.57 or later)
CVSS v3.1 score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS score: 0.0026 (percentile 17.3)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2025-68723 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Axigen Mail Server (vendor: Axigen). Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at percentile 17.3 by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-68723 involves multiple stored cross-site scripting (XSS) vulnerabilities, classified under CWE-79, in the WebAdmin interface of Axigen Mail Server versions before 10.5.57. These flaws affect three specific parameters: (1) the log file name on the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Published on 2026-02-05, the vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H): it is reachable over the network with low attack complexity, needs only low privileges plus user interaction, and because the scope changes it has high impact on confidentiality, integrity, and availability.

Attackers with low privileges, such as low-privileged administrators, can exploit these flaws by injecting malicious JavaScript payloads into the affected parameters. The payloads remain stored and execute in the context of a high-privileged administrator's browser when they access the impacted pages or features, requiring user interaction. This enables privilege escalation, where low-privileged attackers can manipulate high-privileged administrators into performing unauthorized actions.

Vendor guidance in the advisory at https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Stored-XSS-Vulnerabilities-CVE-2025-68723-_408.html recommends upgrading to Axigen Mail Server 10.5.57 or later to mitigate the vulnerabilities. Additional resources include the software download page at https://www.axigen.com/mail-server/download/ and a GitHub repository at https://github.com/osmancanvural/CVE-2025-68723 containing further details.

Vulnerability details

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions.

CWE(s)

CWE-79: Cross-site Scripting

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript (Execution): Adversaries may abuse various implementations of JavaScript for execution.

Why these techniques?

Stored XSS in public WebAdmin interface enables direct exploitation of the web application (T1190) and execution of attacker-supplied JavaScript payloads in victim admin sessions (T1059.007) for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-68722: same product (Axigen Mail Server)
CVE-2025-68721: same product (Axigen Mail Server)
CVE-2025-26907: shared CWE-79
CVE-2025-69084: shared CWE-79
CVE-2025-69048: shared CWE-79
CVE-2025-22567: shared CWE-79
CVE-2025-69324: shared CWE-79
CVE-2026-1841: shared CWE-79
CVE-2025-26588: shared CWE-79
CVE-2025-23850: shared CWE-79

Affected Assets

Axigen Mail Server (vendor: Axigen): versions 10.3.0 to 10.5.57 and 10.6.0 to 10.6.26

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (control type: prevent)

Validates and sanitizes inputs to affected parameters like log file names, certificate content, and file names in WebAdmin, directly preventing storage of malicious JavaScript payloads.

SI-15 Information Output Filtering (control type: prevent)

Filters and encodes stored data when output in WebAdmin pages and features, preventing execution of injected XSS payloads in high-privileged administrators' browsers.
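As an added example (not code from Axigen or from this advisory), the input-validation and output-filtering controls described above in Python: an allow-list check on the log file name and certificate file name parameters, a structural check on certificate content before it is stored, and HTML encoding of stored values at output time, shown beside the vulnerable verbatim-concatenation pattern. The allow-list pattern, the rendering helpers and the sample values are assumptions of this example.

```python
import base64
import html
import re

# Allow-list for the two name-like parameters the advisory lists (log file name,
# certificate file name). The pattern is this example's assumption, not Axigen's rule.
FILE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

def validate_file_name(value: str) -> bool:
    """SI-10: accept only a plain file name; markup, quotes and path parts are rejected."""
    return FILE_NAME_RE.fullmatch(value) is not None and ".." not in value

def validate_pem_certificate(content: str) -> bool:
    """SI-10 for the certificate-content parameter: one PEM block with a base64 body."""
    lines = [ln.strip() for ln in content.strip().splitlines()]
    if len(lines) < 3:
        return False
    if lines[0] != "-----BEGIN CERTIFICATE-----" or lines[-1] != "-----END CERTIFICATE-----":
        return False
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True

def render_cell_unsafe(stored_value: str) -> str:
    """The vulnerable pattern: a stored value concatenated into HTML verbatim."""
    return f"<td>{stored_value}</td>"

def render_cell_safe(stored_value: str) -> str:
    """SI-15: encode at output time so stored markup is displayed as text, never parsed."""
    return f"<td>{html.escape(stored_value, quote=True)}</td>"

def render_input_safe(name: str, stored_value: str) -> str:
    """Attribute context: quote the attribute and encode quotes as well as angle brackets."""
    safe_name = html.escape(name, quote=True)
    safe_value = html.escape(stored_value, quote=True)
    return f'<input name="{safe_name}" value="{safe_value}">'

# Constructed sample values for the demonstration (not taken from the advisory).
GOOD_LOG_NAME = "services.log"
BAD_LOG_NAME = 'services.log"><script>probe()</script>'
GOOD_PEM = "-----BEGIN CERTIFICATE-----\nTUlJQjA=\n-----END CERTIFICATE-----"
BAD_PEM = "<script>probe()</script>"

if __name__ == "__main__":
    print("unsafe:", render_cell_unsafe(BAD_LOG_NAME))
    print("safe:  ", render_cell_safe(BAD_LOG_NAME))
```

Both controls belong together: the allow-list keeps markup out of storage, and the output encoding still protects pages that display values stored before validation was in place.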

Vendor patch application (control type: prevent)

Mandates timely remediation of the specific stored XSS flaws by applying vendor patches such as upgrading Axigen Mail Server to 10.5.57 or later.
