CVE-2025-68721: n/a
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section.
AI Analysis
Technical Summary
CVE-2025-68721 is an improper access control vulnerability in Axigen Mail Server versions prior to 10.5.57, affecting the WebAdmin interface. The flaw allows delegated administrator accounts, even those configured with zero permissions, to bypass the intended access control checks and reach the SSL Certificates management endpoint (page=sslcerts). This endpoint manages the SSL certificate files used to secure the server's communications. Exploiting the vulnerability lets an attacker view, download, upload, and delete SSL certificates, actions normally restricted to privileged administrators. The root cause is inadequate enforcement of permission checks (CWE-284) within the WebAdmin interface. The CVSS v3.1 base score is 8.1 (high severity): network attack vector (AV:N), low attack complexity (AC:L), low privileges required, i.e. a delegated admin account (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality and integrity impact (C:H/I:H), and no availability impact (A:N). No public exploits are currently known, but the ability to manipulate SSL certificates could allow attackers to impersonate mail servers, intercept encrypted communications, or disrupt secure email operations. All deployments running vulnerable versions of Axigen Mail Server with WebAdmin enabled and delegated admin accounts configured are affected. No patch link is provided; remediation is expected to require upgrading to version 10.5.57 or later once available, or applying vendor guidance to restrict access in the meantime.
Potential Impact
The vulnerability poses a significant risk to organizations relying on Axigen Mail Server for email communications. Unauthorized access to SSL certificates compromises the confidentiality and integrity of encrypted communications, potentially enabling man-in-the-middle attacks, interception of sensitive email data, and impersonation of mail servers. Attackers could also disrupt secure email operations by deleting or replacing certificates, leading to service outages or degraded trust. Since delegated admin accounts with zero permissions can exploit this flaw, insider threats or compromised low-privilege accounts become more dangerous. The impact extends to any organization using Axigen Mail Server, including enterprises, government agencies, and service providers, especially those handling sensitive or regulated data. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits. The vulnerability could also undermine organizational compliance with security standards requiring proper certificate management.
Mitigation Recommendations
Organizations should immediately verify if they are running Axigen Mail Server versions prior to 10.5.57 and assess the configuration of delegated admin accounts. Until a patch or update is applied, restrict access to the WebAdmin interface to trusted networks and personnel only, using network-level controls such as VPNs, firewalls, or IP whitelisting. Review and minimize the number of delegated admin accounts, especially those with zero or minimal permissions, and monitor their activity closely. Implement strong authentication and logging for all administrative access. If possible, disable or limit the SSL Certificates management functionality for delegated admins. Stay in contact with Axigen for official patches or security advisories and apply updates promptly once available. Conduct regular audits of SSL certificates to detect unauthorized changes. Consider deploying intrusion detection systems to monitor for suspicious WebAdmin access patterns. Finally, educate administrators about the risks of delegated accounts and enforce the principle of least privilege.
Affected Countries
United States, Germany, France, United Kingdom, Canada, Australia, Netherlands, Switzerland, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-24T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6984c20ef9fa50a62f2c40b1
Added to database: 2/5/2026, 4:15:10 PM
Last enriched: 2/20/2026, 9:07:35 AM
Last updated: 3/22/2026, 1:59:03 AM