VYPR
Unrated severityNVD Advisory· Published May 16, 2025· Updated May 16, 2025

HTTP host header injection vulnerability in IceWarp Mail Server

CVE-2025-40631

Description

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • IceWarp/Serverllm-fuzzy2 versions
    = 11.4.0+ 1 more
    • (no CPE)range: = 11.4.0
    • (no CPE)range: 11.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.