CVE-2025-40632

Published May 16, 2025

Last updated a month ago

CVSS low 2.0

Overview

Description
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.
Source
cve-coordination@incibe.es
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
LOW

Weaknesses

cve-coordination@incibe.es
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-40632 Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious Java… https://t.co/4OhYO2BTTw

    @CVEnew

    17 May 2025

    194 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.