CVE-2025-68722: n/a
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and automatically processes base64-encoded commands queued in the _s parameter immediately after administrator authentication. Attackers can craft malicious URLs that, when clicked by administrators, execute arbitrary administrative actions upon login without further user interaction, including creating rogue administrator accounts or modifying critical server configurations.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-68722 affects Axigen Mail Server versions prior to 10.5.57 and 10.6.x before 10.6.26. It is a Cross-Site Request Forgery (CSRF) issue located in the WebAdmin interface, specifically related to the improper handling of the _s parameter, which functions as a breadcrumb mechanism. The WebAdmin interface accepts state-changing requests via the HTTP GET method, which is unusual and insecure for such operations. The _s parameter can carry base64-encoded commands that the server processes immediately after an administrator successfully authenticates. This design flaw allows an attacker to craft a malicious URL embedding these encoded commands. If an administrator clicks this URL, the server executes the commands without requiring additional user interaction or authentication steps. Potential malicious actions include creating unauthorized administrator accounts and modifying critical server configurations, which could lead to full system compromise. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The CVSS v3.1 base score is 8.8, indicating high severity, with attack vector Network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits have been reported, the vulnerability's characteristics make it a significant risk for organizations relying on affected Axigen Mail Server versions.
Potential Impact
The impact of CVE-2025-68722 is substantial for organizations using vulnerable Axigen Mail Server versions. Successful exploitation allows attackers to perform arbitrary administrative actions remotely by tricking administrators into clicking malicious URLs. This can lead to unauthorized creation of administrator accounts, enabling persistent and stealthy access to the mail server. Attackers can also modify critical server configurations, potentially disrupting mail services, intercepting or altering email communications, and compromising sensitive data. The breach of administrative control undermines the confidentiality, integrity, and availability of the mail infrastructure, which is often a critical communication backbone for organizations. This can result in operational disruptions, data breaches, regulatory non-compliance, and reputational damage. Given the network-exploitable nature and lack of required privileges, the threat is relevant to any organization exposing the WebAdmin interface to internal or external networks.
Mitigation Recommendations
To mitigate CVE-2025-68722, organizations should urgently upgrade Axigen Mail Server to versions 10.5.57 or later, or 10.6.26 or later, where the vulnerability is patched. If immediate patching is not feasible, restrict access to the WebAdmin interface using network-level controls such as VPNs, IP whitelisting, or firewall rules to limit exposure to trusted administrators only. Implement multi-factor authentication (MFA) for administrator accounts to reduce the risk of unauthorized access. Administrators should be trained to avoid clicking on suspicious or unsolicited URLs, especially those targeting the WebAdmin interface. Additionally, monitoring and logging administrative actions can help detect anomalous activities indicative of exploitation attempts. Consider disabling or limiting the use of GET requests for state-changing operations if configurable. Regularly audit administrator accounts and server configurations for unauthorized changes. Finally, maintain up-to-date backups of configurations and data to enable recovery in case of compromise.
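As an added illustration of the log monitoring recommended above (example code written for this page, not part of the advisory or of Axigen's own tooling): a Python scan over constructed access-log lines that flags WebAdmin requests carrying an _s breadcrumb whose Referer is missing or names a foreign host, the cross-site pattern the advisory describes. The WebAdmin path prefix, the host name and the Combined Log Format are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# ASSUMPTIONS for this example (not from the advisory): the path prefix WebAdmin is
# served under and the host name administrators normally reach it through.
WEBADMIN_PREFIX = "/webadmin"
OWN_HOST = "mail.example.com"
# Combined Log Format: ip ident user [time] "method target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def decode_breadcrumb(value):
    """Decoded bytes of an _s value when it is well-formed base64, else None."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None

def analyze_line(line):
    """Finding for a WebAdmin request whose _s breadcrumb arrived cross-site, else None.
    In-app navigation carries _s too; the signal is a missing or foreign Referer."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    crumbs = parse_qs(url.query).get("_s")
    if not url.path.startswith(WEBADMIN_PREFIX) or not crumbs:
        return None
    referer = m["referer"]
    referer_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if referer_host == OWN_HOST:
        return None  # same-site navigation inside WebAdmin, expected
    payload = decode_breadcrumb(crumbs[0])
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "referer_host": referer_host or "missing",
            "decoded": payload.decode("utf-8", "replace") if payload is not None else None}

def scan(log_text):
    """Run analyze_line over every line and collect the findings in order."""
    return [f for f in map(analyze_line, log_text.splitlines()) if f]

# Constructed sample log: two cross-site hits, one in-app navigation, one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Feb/2026:16:15:10 +0000] "GET /webadmin/?_s=Y29uc3RydWN0ZWQtZGVtby1wYXlsb2Fk HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Feb/2026:16:20:01 +0000] "GET /webadmin/?_s=Y29uc3RydWN0ZWQtZGVtby1wYXlsb2Fk HTTP/1.1" 302 0 "https://attacker.example/lure" "Mozilla/5.0"
10.0.0.5 - - [05/Feb/2026:16:21:30 +0000] "GET /webadmin/?_s=aG9tZS9kb21haW5z HTTP/1.1" 200 2048 "https://mail.example.com/webadmin/" "Mozilla/5.0"
10.0.0.5 - - [05/Feb/2026:16:22:00 +0000] "GET /webmail/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""
```

A hit from a missing Referer is the common case for a link opened from a mail client, so treat it as a lead to confirm against the server's own audit log of administrative actions rather than as proof on its own.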
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Japan, South Korea, India, Brazil, Netherlands, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-24T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6984c20ef9fa50a62f2c40b5
Added to database: 2/5/2026, 4:15:10 PM
Last enriched: 2/20/2026, 9:07:49 AM
Last updated: 3/22/2026, 10:38:58 PM
Views: 73