8.8
/ 10
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of a parameter passed to the gmaps webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25441.
The specific flaw exists within the handling of a parameter passed to the gmaps webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25441.
AI Analysis
IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability, allowing remote attackers to bypass authentication on affected installations of IceWarp by injecting an arbitrary script due to the lack of proper validation of user-supplied data.
Basic Information
ID
CVE-2025-14499
Source
zdi
Published
Dec 23, 2025 at 21:19
Affected Product
Vendor
IceWarp
Product
IceWarp
Version
14.2.0.5
Affected Versions
IceWarp IceWarp 14.2.0.5
CWE Classification
AI Assessment
AI Score
8.8 / 10
AI Severity
High
Vendor
IceWarp
Product
IceWarp
Version
14.2.0.5