cvedb.io
CVE-2025-40630
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-05-16T11:15:44.763 · Last modified 2026-06-17T09:21:51.507

Summary

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e”. This vulnerability has been tested in Firefox.

Affected products

icewarp — mail_server

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.