CVE-2025-68723
Published: 05 February 2026
Summary
CVE-2025-68723 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Axigen Mail Server. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 17.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-68723 involves multiple stored cross-site scripting (XSS) vulnerabilities, classified under CWE-79, in the WebAdmin interface of Axigen Mail Server versions before 10.5.57. These flaws affect three specific parameters: (1) the log file name on the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Published on 2026-02-05, the vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to network accessibility, low complexity, and significant impacts across confidentiality, integrity, and availability when scope changes.
Attackers with low privileges, such as low-privileged administrators, can exploit these flaws by injecting malicious JavaScript payloads into the affected parameters. The payloads remain stored and execute in the context of a high-privileged administrator's browser when they access the impacted pages or features, requiring user interaction. This enables privilege escalation, where low-privileged attackers can manipulate high-privileged administrators into performing unauthorized actions.
Vendor guidance in the advisory at https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Stored-XSS-Vulnerabilities-CVE-2025-68723-_408.html recommends upgrading to Axigen Mail Server 10.5.57 or later to mitigate the vulnerabilities. Additional resources include the software download page at https://www.axigen.com/mail-server/download/ and a GitHub repository at https://github.com/osmancanvural/CVE-2025-68723 containing further details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206861
Vulnerability details
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in the public WebAdmin interface enables direct exploitation of the web application (T1190) and execution of attacker-supplied JavaScript payloads in victim administrators' sessions (T1059.007), leading to privilege escalation.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates and sanitizes inputs to the affected parameters (log file names, certificate content, and certificate file names in WebAdmin), preventing malicious JavaScript payloads from being stored in the first place.
- SI-15 (Information Output Filtering): filters and encodes stored data when it is output in WebAdmin pages and features, so that an injected XSS payload cannot execute in a high-privileged administrator's browser.
- Flaw remediation: mandates timely remediation of the specific stored XSS flaws by applying vendor patches, i.e. upgrading Axigen Mail Server to 10.5.57 or later.
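As an added illustration of the SI-10 and SI-15 controls listed above (example code written for this entry, not Axigen's WebAdmin code), the snippet below shows the unsafe rendering pattern behind a stored XSS next to a hardened version for the log file name and certificate content cases. The allowed file-name character set, the table-row markup and all function names are assumptions; the vendor's actual fix is known only from the advisory, which recommends upgrading.

```python
import html
import re
from urllib.parse import quote

# Constructed sample values of the kind the advisory describes: a log file
# name and a certificate file name submitted by a low-privileged admin.
SAMPLE_INPUTS = {
    "log_file": 'access.log"><script>alert(document.cookie)</script>',
    "cert_file": "mail.example.com.pem",
}

# SI-10, input validation: a log or certificate file name is one path
# component drawn from a conservative character set, so markup is rejected
# at submission time and never stored. Regex and length limit are assumptions.
_SAFE_FILE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")

def validate_file_name(value: str) -> bool:
    return bool(_SAFE_FILE_NAME.fullmatch(value)) and ".." not in value

# Vulnerable pattern: a stored value concatenated straight into HTML.
def render_log_row_unsafe(log_file: str) -> str:
    return f'<tr><td><a href="/log/{log_file}">{log_file}</a></td></tr>'

# SI-15, output filtering: encode for each context separately. The href gets
# URL-encoding, then attribute encoding (quote=True escapes the double quote
# that would otherwise close the attribute); the link text gets HTML-body
# encoding. The encoding, not the validation, is what neutralizes the payload.
def render_log_row_safe(log_file: str) -> str:
    attr = html.escape(quote(log_file, safe=""), quote=True)
    body = html.escape(log_file, quote=False)
    return f'<tr><td><a href="/log/{attr}">{body}</a></td></tr>'

# Certificate file content (PEM text) is shown verbatim inside <pre>, so it
# is escaped as HTML body text rather than trusted as plain ASCII.
def render_cert_content_safe(pem_text: str) -> str:
    return "<pre>" + html.escape(pem_text, quote=False) + "</pre>"

def contains_active_markup(rendered: str) -> bool:
    """Crude detector: a literal <script tag, or an on*= handler inside a real tag."""
    return re.search(r"<script|<\w+[^>]*\son\w+\s*=", rendered, re.I) is not None

if __name__ == "__main__":
    for key, value in SAMPLE_INPUTS.items():
        print(key, "accepted" if validate_file_name(value) else "rejected")
    print(render_log_row_safe(SAMPLE_INPUTS["log_file"]))
```

Both layers are applied independently: a value that slips past validation (or was stored before the rule existed) is still rendered inert by the output encoding.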