CVE-2025-40632 LOW

CVE-2025-40632: Cross-site scripting (XSS) vulnerability in IceWarp Mail Server

Vendor IceWarp
Product IceWarp Mail Server
Weakness CWE-79 · XSS
Published May 16, 2025
Last update May 16, 2025

CVSS base score

2.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction Active
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Cross-site scripting (XSS) in IceWarp Mail Server, affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.

Key dates

02 Disclosure timeline

May 16, 2025 CVE published
May 16, 2025 Record updated