CVE-2025-40630

Publication date

2025-05-16 11:08:18

Family

INCIBE

State

PUBLISHED

Description

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example ā€œ https://icewarp.domain.com///%2e%2eā€ https://icewarp.domain.com///%2e%2eā€ . This vulnerability has been tested in Firefox.