CVE-2025-40630

MEDIUM WAF: Medium
CVSS 6.1 Published: 2025-05-16
CWE-601

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example "https://icewarp.domain.com///%2e%2e". This vulnerability has been tested in Firefox.

WAF Coverage Analysis

Open Redirect Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor | Product | Version
icewarp | mail_server | 11.4.0
