CVE-2025-40630

MEDIUM Year: 2025
Weakness Type
CWE-601
View all ā†’

Vulnerability Description

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example ā€œ https://icewarp.domain.com//<MALICIOUS_DOMAIN>/%2e%2eā€ https://icewarp.domain.com///%2e%2eā€ . This vulnerability has been tested in Firefox.

Related Vulnerabilities

CVE-2022-31657

CRITICAL
CVSS:9.8(Critical)

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

CWE-6012022

CVE-2024-22891

CRITICAL
CVSS:9.8(Critical)

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

CWE-6012024

CVE-2022-40083

CRITICAL
CVSS:9.6(Critical)

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery ...

CWE-6012022

CVE-2022-41559

CRITICAL
CVSS:9.3(Critical)

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on t...

CWE-6012022

CVE-2017-8989

CRITICAL
CVSS:9.1(Critical)

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

CWE-6012017

CVE-2024-33661

CRITICAL
CVSS:9.1(Critical)

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

CWE-6012024