CVE-2025-40630

Open redirection vulnerability in IceWarp Mail Server

Description

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “ https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2e” https://icewarp.domain.com///%2e%2e” . This vulnerability has been tested in Firefox.

INFO

Published Date :

2025-05-16T11:08:18.538Z

Last Modified :

2025-05-16T13:46:17.479Z

Source :

INCIBE

AFFECTED PRODUCTS

The following products are affected by CVE-2025-40630 vulnerability.

Vendors	Products
Icewarp	Mail Server

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40630.

URL	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-icewarp-mail-server

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact