CVE-2025-68723: n/a
CVE-2025-68723 is a set of stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface of Axigen Mail Server versions prior to 10.5.57. The vulnerabilities allow attackers to inject malicious JavaScript payloads via parameters related to log file names and SSL certificate file content. When administrators access the affected pages, the injected scripts execute in their browsers, potentially enabling privilege escalation: a low-privileged admin can trick higher-privileged admins into performing unauthorized actions. No CVSS score is assigned yet, and no known exploits are reported in the wild. The threat primarily targets administrative users of the Axigen Mail Server, which is used by various organizations for email services. European organizations using Axigen Mail Server should prioritize patching and implement strict input validation and access controls to mitigate risks. Countries with higher adoption of Axigen or significant email infrastructure reliance are more likely to be impacted.
AI Analysis
Technical Summary
CVE-2025-68723 identifies multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Axigen Mail Server's WebAdmin interface versions before 10.5.57. Specifically, three distinct injection points exist: (1) the log file name parameter on the Local Services Log page, (2) the certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter within the WebMail Listeners SSL settings. These vulnerabilities allow an attacker with at least low-level administrative access to inject malicious JavaScript code that is persistently stored and executed in the browsers of higher-privileged administrators when they access these pages. This execution context enables attackers to perform privilege escalation by coercing or tricking high-privileged admins into executing unauthorized actions, potentially compromising the integrity and confidentiality of the mail server environment. The lack of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed. No public exploit code or active exploitation has been reported, but the nature of stored XSS in administrative interfaces poses a significant risk due to the high privileges involved. The vulnerability arises from insufficient input sanitization and output encoding in the affected parameters, allowing malicious scripts to be stored and executed. Axigen Mail Server is a widely used email server solution, and its WebAdmin interface is critical for managing mail services, making this vulnerability particularly sensitive.
Potential Impact
For European organizations, the impact of CVE-2025-68723 can be severe, especially for those relying on Axigen Mail Server for critical email infrastructure. Successful exploitation could lead to unauthorized administrative actions, including changes to mail server configurations, interception or manipulation of email traffic, and potential lateral movement within the network. The confidentiality of sensitive communications could be compromised, and the integrity of mail services disrupted. Since the attack requires at least low-level admin access, insider threats or compromised low-privileged accounts pose a significant risk. The stored XSS nature means that multiple administrators could be affected over time, amplifying the potential damage. Disruption to email services can affect business continuity, regulatory compliance (e.g., GDPR), and organizational reputation. European organizations with strict data protection requirements must consider the risk of data leakage or unauthorized access resulting from this vulnerability. The absence of known exploits in the wild provides a window for proactive mitigation, but the threat remains critical due to the administrative context and potential for privilege escalation.
Mitigation Recommendations
To mitigate CVE-2025-68723, European organizations should immediately upgrade Axigen Mail Server to version 10.5.57 or later, where the vulnerabilities are patched. If upgrading is not immediately possible, implement strict input validation and output encoding on the affected WebAdmin interface parameters to prevent script injection. Restrict WebAdmin access to trusted networks and enforce multi-factor authentication for all administrative accounts to reduce the risk of low-privileged account compromise. Conduct thorough audits of existing log file names and SSL certificate entries to identify and remove any malicious scripts. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the administrative interface. Monitor administrative activities and logs for unusual behavior indicative of exploitation attempts. Educate administrators about the risks of interacting with untrusted inputs within the WebAdmin interface. Finally, segment administrative interfaces from general user networks to minimize exposure.
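The audit step recommended above can be sketched as follows. This is an added example, not Axigen code or part of the original advisory: it flags stored file names and certificate file content that contain HTML metacharacters, and HTML-encodes values before they are shown in the audit report. The character allowlist, the function names and the sample inputs are assumptions constructed for illustration.

```python
import html
import re

# Assumption: legitimate log and certificate file names use only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Characters that let a stored value break out of an HTML text or attribute context.
HTML_META = re.compile(r"[<>\"'&`]")
# A plain PEM file consists of BEGIN/END armor lines and base64 body lines.
PEM_ARMOR = re.compile(r"-----(BEGIN|END) [A-Z0-9 ]+-----")
PEM_BODY = re.compile(r"[A-Za-z0-9+/=]{1,76}")


def audit_name(name):
    """Return the findings for one stored log or certificate file name."""
    findings = []
    if HTML_META.search(name):
        findings.append("html-metacharacter")
    if not SAFE_NAME.fullmatch(name):
        findings.append("outside-allowlist")
    return findings


def audit_pem_text(text):
    """Return (line_number, reason) for every line that is not plain PEM.

    Header text that some tools write around PEM blocks is reported as
    "non-pem-text" so that a person can review it.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or PEM_ARMOR.fullmatch(stripped) or PEM_BODY.fullmatch(stripped):
            continue
        reason = "html-metacharacter" if HTML_META.search(stripped) else "non-pem-text"
        findings.append((number, reason))
    return findings


def audit_report(names):
    """Map each flagged name, HTML-encoded for safe display, to its findings."""
    return {html.escape(n, quote=True): audit_name(n) for n in names if audit_name(n)}


# Constructed sample inputs (not taken from a real server).
SAMPLE_NAMES = ["everything.log", "smtp-2026.02.05.log", "<b>x</b>.log", "my log.txt"]
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "TUlJQ29uc3RydWN0ZWQ=\n"
    "<b>note</b>\n"
    "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(audit_report(SAMPLE_NAMES))
    print(audit_pem_text(SAMPLE_PEM))
```

Encoding the flagged values in the report matters because the audit output is itself likely to be viewed in a browser or ticketing system by an administrator.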
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-24T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6984c591f9fa50a62f2cfd3f
Added to database: 2/5/2026, 4:30:09 PM
Last enriched: 2/5/2026, 4:44:42 PM
Last updated: 2/5/2026, 5:34:29 PM