← back
CVE-2025-40632

Cross-site scripting (XSS) vulnerability in IceWarp Mail Server

CVSS 2 LOWEPSS 0.2%CWE-79
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Icewarp · Icewarp Mail Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server