CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerability-CVE-2025-68722-_407.html	Vendor Advisory
https://www.axigen.com/mail-server/download/	Product
https://github.com/osmancanvural/CVE-2025-68722	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:axigen:axigen_mail_server::::::::
	cpe:2.3:a:axigen:axigen_mail_server::::::::

History

No history.

Information

Published : 2026-02-05 16:15

Updated : 2026-02-24 18:14

NVD link : CVE-2025-68722

Mitre link : CVE-2025-68722

CVE.ORG link : CVE-2025-68722

JSON object : View

Products Affected

axigen

axigen_mail_server

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-68722", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-05T16:15:50.733", "references": [{"url": "https://www.axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerability-CVE-2025-68722-_407.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.axigen.com/mail-server/download/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/osmancanvural/CVE-2025-68722", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations."}, {"lang": "es", "value": "Axigen Mail Server antes de 10.5.57 y 10.6.x antes de 10.6.26 contiene una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la interfaz WebAdmin debido a un manejo inadecuado del par\u00e1metro _s (breadcrumb). La aplicaci\u00f3n acepta peticiones que cambian el estado a trav\u00e9s del m\u00e9todo GET y procesa autom\u00e1ticamente comandos codificados en base64 en cola en el par\u00e1metro _s inmediatamente despu\u00e9s de la autenticaci\u00f3n del administrador. Los atacantes pueden crear URL maliciosas que, cuando son clicadas por administradores, ejecutan acciones administrativas arbitrarias al iniciar sesi\u00f3n sin interacci\u00f3n adicional del usuario, incluyendo la creaci\u00f3n de cuentas de administrador maliciosas o la modificaci\u00f3n de configuraciones cr\u00edticas del servidor."}], "lastModified": "2026-02-24T18:14:24.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:axigen:axigen_mail_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FD23438-2B7F-48CB-9300-2A47F2B96A01", "versionEndExcluding": "10.5.57", "versionStartIncluding": "10.3.0"}, {"criteria": "cpe:2.3:a:axigen:axigen_mail_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FE47CA3-597B-45EE-BCFA-60440CDB5ECB", "versionEndExcluding": "10.6.26", "versionStartIncluding": "10.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}