Icewarp Mail Server vulnerabilities
3 known vulnerabilities affecting icewarp/icewarp_mail_server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2025-40630 | P3 | MEDIUM | CVSS 6.1 | PoC | v11.4.0 | 2025-05-16
CWE-601
Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “https://icewarp.domain.com///%2e%2e”. This vulnerability has been tested in Firefox.
Source: NVD
CVE-2025-40631 | P4 | MEDIUM | CVSS 6.1 | v11.4.0 | 2025-05-16
CWE-644
HTTP host header injection vulnerability in IceWarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.
Source: NVD
CVE-2025-40632 | P4 | MEDIUM | CVSS 6.1 | v11.4.0 | 2025-05-16
CWE-79
Cross-site scripting (XSS) in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.
Source: NVD