Icewarp Icewarp Mail Server
3 CVEs affecting Icewarp Icewarp Mail Server. Latest disclosed: 2025-05-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-40632 | Medium | 6.1 | 2025-05-16 | Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicio… |
CVE-2025-40631 | Medium | 6.1 | 2025-05-16 | HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScri… |
CVE-2025-40630 | Medium | 6.1 | 2025-05-16 | Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sendi… |