CVE-2025-68721

HIGH

Axigen Mail Server <10.5.57 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-68721, with PoCs published by XiaomingX and osmancanvural.

AI-analyzed exploit summary: The repository provides a detailed technical analysis of CVE-2025-68721, an improper access control vulnerability in Axigen WebAdmin. It describes how an admin account with no permissions can access the SSL Certificates endpoint, allowing unauthorized certificate management.

Description

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability (CWE-284) in the WebAdmin interface. A delegated admin account that has been granted no permissions at all can bypass the access control checks and reach the SSL Certificates management endpoint (page=sslcerts), even though that page belongs to the Security & Filtering section the account is not allowed to manage. The attacker can then view, download, upload, and delete the server's SSL certificate files. Nothing beyond valid WebAdmin credentials for the low-privileged account is needed, which is why the CVSS vector below scores it PR:L/UI:N with high confidentiality and integrity impact. Note that the two exploit entries below give the affected target as WebAdmin < 10.6.26 while this description and the product range cite 10.5.57; check the vendor advisory for the fixed release of your branch rather than relying on a single threshold, and after any suspected abuse confirm that the certificates installed on the server are the ones you deployed.
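As an added example (not code from this page, from Axigen, or from either PoC repository): the per-page permission check the description says WebAdmin failed to apply, and the same check used as an audit over access-log lines to find a zero-permission delegated admin reaching page=sslcerts. The log line format, the request path "/?page=...", the admin-to-permission table and every sample line are constructed here; only the page=sslcerts parameter and the "Security & Filtering" section come from the advisory text.

```python
"""
Added example for CVE-2025-68721 (not Axigen's code and not from either PoC
repository). Two things are shown: the per-page permission check that the
advisory says WebAdmin failed to apply, and that same check used as an audit
over access-log lines to find a zero-permission delegated admin reaching
page=sslcerts. ASSUMPTIONS: the log line format, the request path "/?page=...",
the permission-table layout and every sample line are constructed here; only
the page=sslcerts parameter and the "Security & Filtering" section come from
the advisory text.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed log format (assumption): "<timestamp> <client_ip> <admin> <method> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$"
)

# WebAdmin page -> section that owns it. sslcerts sits under Security & Filtering
# per the advisory; extend this map for any other pages you want audited.
PAGE_SECTION = {"sslcerts": "security_filtering"}

# Constructed delegated-admin permission table (assumption): the sections each
# admin may manage. "audit-ro" is the zero-permission account from the advisory scenario.
ADMIN_PERMS = {
    "root": {"security_filtering", "domains", "users"},
    "secops": {"security_filtering"},
    "audit-ro": set(),
}

# Constructed sample log (assumption), not captured from a real server.
SAMPLE_LOG = """\
2026-02-06T09:14:02Z 10.0.0.5 audit-ro GET /?page=sslcerts
2026-02-06T09:14:09Z 10.0.0.5 audit-ro POST /?page=sslcerts&action=upload
2026-02-06T09:15:30Z 10.0.0.7 secops GET /?page=sslcerts
2026-02-06T09:16:01Z 10.0.0.5 audit-ro GET /?page=domains
2026-02-06T09:16:40Z 10.0.0.9 nobody GET /?page=sslcerts
this line is malformed and must be skipped
"""


def page_of(path):
    """Return the value of the ?page= query parameter, or None if absent."""
    vals = parse_qs(urlsplit(path).query).get("page")
    return vals[0] if vals else None


def is_authorized(user, page):
    """The check the vulnerable WebAdmin skipped: the admin must hold the section
    that owns the requested page. Unknown pages and unknown admins fail closed."""
    section = PAGE_SECTION.get(page)
    if section is None:
        return False
    return section in ADMIN_PERMS.get(user, set())


def audit(log_lines):
    """Return (user, ip, method, path) for every request to an audited page made
    by an admin who does not hold the owning section."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        page = page_of(m["path"])
        if page not in PAGE_SECTION:
            continue  # pages we are not auditing
        if not is_authorized(m["user"], page):
            hits.append((m["user"], m["ip"], m["method"], m["path"]))
    return hits


if __name__ == "__main__":
    for user, ip, method, path in audit(SAMPLE_LOG.splitlines()):
        print(f"UNAUTHORIZED {user} from {ip}: {method} {path}")
```

Run against the sample, the audit reports both audit-ro requests to page=sslcerts (the GET that views the list and the POST that would upload a replacement) plus the request from an admin name that is not in the permission table; the secops request passes because that account holds the section, and the audit-ro request for page=domains is ignored because only Security & Filtering pages are audited here. To use this on a real server you replace LOG_RE with the actual WebAdmin log layout and load ADMIN_PERMS from the delegated-admin configuration; the check itself, section membership looked up before the page is served, is the part that matters.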

Exploits (2)

github WRITEUP 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2025/CVE-2025-68721

The repository provides a detailed technical analysis of CVE-2025-68721, an improper access control vulnerability in Axigen WebAdmin. It describes how an admin account with no permissions can access the SSL Certificates endpoint, allowing unauthorized certificate management.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Axigen WebAdmin < 10.6.26
Auth required
Prerequisites: Admin account with no permissions · Access to the Axigen WebAdmin interface
devstral-2 · analyzed Feb 27, 2026
nomisec WRITEUP 1 star
by osmancanvural · poc
https://github.com/osmancanvural/CVE-2025-68721

The repository provides a detailed technical analysis of CVE-2025-68721, an improper access control vulnerability in Axigen WebAdmin. It describes how an admin account with zero permissions can access the SSL Certificates endpoint, leading to unauthorized certificate management.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Axigen WebAdmin < 10.6.26
Auth required
Prerequisites: Admin account with no permissions · Access to the Axigen WebAdmin interface
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3.1 base score 8.1 (High)
EPSS 0.0031 (0.31% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 22.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-284 (Improper Access Control)
Status published
Products (1)
axigen/axigen_mail_server 10.3.0 up to 10.5.57 (per the description above, 10.5.57 is the fixed release, so treat the upper bound as exclusive)
Published Feb 05, 2026
Tracked Since Feb 18, 2026