CVE-2025-14500

Published Dec 23, 2025

Last updated 7 days ago

CVSS critical 9.8

Overview

Description
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394.
Source
zdi-disclosures@trendmicro.com
NVD status
Deferred

Risk scores

CVSS 3.0

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

zdi-disclosures@trendmicro.com
CWE-78

Social media

Hype score
Not currently trending

  1. csirt_it: ‼️ #IceWarp: disponibile #PoC per lo sfruttamento della CVE-2025-14500 Rischio: 🟠 Tipologia 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/xbDeoh5ur8 ⚠ Importante aggiornare i software interessati https://t.co/vxJ9mCh1nF

    @Vulcanux_

    18 Mar 2026

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ‼️ #IceWarp: disponibile #PoC per lo sfruttamento della CVE-2025-14500 Rischio: 🟠 Tipologia 🔸 Remote Code Execution 🔸 Authentication Bypass 🔗 https://t.co/y3H4c3HxWC ⚠ Importante aggiornare i software interessati https://t.co/623bQvDTi6

    @csirt_it

    18 Mar 2026

    214 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. csirt_it: ‼️ #IceWarp: disponibile #PoC per lo sfruttamento della CVE-2025-14500 Rischio: 🟠 Tipologia 🔸Remote Code Execution 🔸Authentication Bypass 🔸Security Restrictions Bypass 🔗 https://t.co/xbDeoh5ur8 ⚠ Importante aggiornare i software inter… https:/

    @Vulcanux_

    18 Mar 2026

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) https://t.co/zGfQYssgzw

    @lcopelandjr

    6 Mar 2026

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) https://t.co/d3dIQB0e4v

    @bteater51

    5 Mar 2026

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Over 1,200 IceWarp servers remain exposed to CVE-2025-14500, an unauthenticated RCE flaw. EU-heavy install base makes this a quiet but serious exposure. If your org uses IceWarp for email or collaboration, verify your patch status today.

    @OscarOPS

    5 Mar 2026

    84 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Over 1,200 #IceWarp #servers still vulnerable to unauthenticated RCE flaw (#CVE-2025-14500) https://t.co/fMzqoINsV2

    @ScyScan

    5 Mar 2026

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 1,200台以上のIceWarpサーバーが、認証されていないリモートコード実行の脆弱性(CVE-2025-14500)に対して依然として脆弱です Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) #HelpNetSecurity (Mar 4

    @foxbook

    5 Mar 2026

    290 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) https://t.co/t9qsi23l7B

    @Whitehead4Jeff

    4 Mar 2026

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Más de 1200 servidores IceWarp siguen siendo vulnerables a la falla RCE no autenticada (CVE-2025-14500). El fallo permite a atacantes tomar control total de servidores de correo. Si usas IceWarp ¡actualiza a la versión 13.0.4 de inmediato! #ciberseguridad https://t.co/W8FDaJ7

    @EHCGroup

    4 Mar 2026

    154 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) https://t.co/oDDijNB9yL #HelpNetSecurity #Cybersecurity https://t.co/owMfvGS6a5

    @PoseidonTPA

    4 Mar 2026

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) https://t.co/VRRkU0LQkD

    @TheCyberSecHub

    4 Mar 2026

    628 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Over 1,200 IceWarp Servers Still Exposed to Pre-Auth RCE Flaw (CVE-2025-14500) A critical unauthenticated OS command injection in IceWarp’s handling of the `X-File-Operation` HTTP header (CVE-2025-14500) allows remote attackers to run arbitrary commands as SYSTEM/root on

    @ThreatSynop

    4 Mar 2026

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Over 1,200 #IceWarp servers still vulnerable to unauthenticated RCE flaw (#CVE-2025-14500) https://t.co/kvYCHyZZVy https://t.co/V26QLUDT1m

    @evanderburg

    4 Mar 2026

    129 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500): A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain… https://t.co/syADwXJYhk https

    @shah_sheikh

    4 Mar 2026

    251 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  16. Top 5 Trending CVEs: 1 - CVE-2026-21513 2 - CVE-2025-14500 3 - CVE-2026-21236 4 - CVE-2026-2441 5 - CVE-2026-3223 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    3 Mar 2026

    164 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. We are scanning & reporting IceWarp CVE-2025-14500 (CVSS 9.8, pre-auth command injection RCE) instances. 1278 IPs seen 2026-03-01 (version based check). Patch info: https://t.co/YV3Vx4eb2S IP data in https://t.co/qxv0Gv5ELc Dashboard World Map view: https://t.co/ovUiL5AY3

    @Shadowserver

    2 Mar 2026

    4355 Impressions

    16 Retweets

    36 Likes

    14 Bookmarks

    2 Replies

    0 Quotes

  18. Warning: Critical OS Command Injection vulnerability in #IceWarp. #CVE-2025-14500 (CVSS: 9.8). Unauthenticated attackers can achieve complete system compromise #RCE #Patch #Patch #Patch More info: https://t.co/Tus9dx7VH1

    @CCBalert

    20 Feb 2026

    343 Impressions

    1 Retweet

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. 🔴 CVE-2025-14500 - Critical IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp... https://t.co/HfM2lQPFxe https://t.co/1g41edp6j5

    @TheHackerWire

    23 Dec 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.