How to fix CVE-2025-68722?

Within 24 hours: Immediately restrict WebAdmin interface access to trusted networks only via firewall/network segmentation and disable external access until patch availability is confirmed. Within 7 days: Implement WAF rules to block requests with base64-encoded payloads in the _s parameter, conduct audit logs for suspicious administrative activity, and notify all administrators to avoid clicking external links while authenticated to WebAdmin. Within 30 days: Upgrade to patched versions (10.5.57 or later, 10.6.26 or later) as soon as vendor releases are available, or migrate to alternative mail server solutions if patches remain unavailable.

Is Axigen Mail Server affected by CVE-2025-68722?

Axigen Mail Server installations are vulnerable to a high-severity CSRF attack that allows threat actors to trick administrators into executing unauthorized commands through malicious URLs, potentially compromising email infrastructure and sensitive data.

CVE-2025-68722

HIGH

2026-02-05 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 24, 2026 - 18:14 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 16:15 nvd

HIGH 8.8

Description

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations.

Analysis

Technical Context

This vulnerability (CWE-352: Cross-Site Request Forgery (CSRF)) exists in the WebAdmin component. Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administra

Affected Products

Vendor: Axigen. Product: Axigen Mail Server. Versions: up to 10.5.57. Component: WebAdmin.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: +20

CVE-2025-68722 vulnerability details – vuln.today

Back

CVE-2025-68722

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-68722

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code