What is the CVSS score of CVE-2025-68723?

CVE-2025-68723 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of TLS are affected by CVE-2025-68723?

Axigen Mail Server versions before 10.5.57 contain critical stored XSS vulnerabilities in the WebAdmin interface that could allow attackers to compromise administrator accounts and gain control of…

How to fix or mitigate CVE-2025-68723?

Within 24 hours: Identify all Axigen Mail Server instances and document current versions; restrict WebAdmin interface access to trusted IP addresses only and disable remote access if not business-critical. Within 7 days: Contact Axigen for patch availability and ETA; evaluate alternative mail server platforms as contingency. Within 30 days: Apply vendor patch immediately upon release; conduct security audit of WebAdmin logs for signs of exploitation; reset all administrator credentials post-patch.

TLS CVE-2025-68723

CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-02-05 cve@mitre.org

TLS XSS Privilege Escalation Axigen Mail Server

9.0

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.0 CRITICAL

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 05, 2026 - 17:16 nvd

CRITICAL 9.0

DescriptionCVE.org

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions.

AnalysisAI

Multiple stored XSS vulnerabilities in Axigen Mail Server before 10.5.57 WebAdmin interface allow authenticated administrators to inject persistent malicious scripts that execute in other admin sessions.

Technical ContextAI

CWE-79 stored XSS in administrative interface fields. Malicious JavaScript persists in the WebAdmin configuration and executes when other administrators view affected pages.

RemediationAI

Update to Axigen 10.5.57 or later. Implement Content Security Policy headers. Audit admin account access.

CVE-2025-68723 vulnerability details – vuln.today

Back

TLS CVE-2025-68723

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code