CVE-2025-14500

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...

EUVD-2025-205006

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling o...

CVE-2025-14500

IceWarp14 is affected by a remote code execution vulnerability in the X-File-Operation header handling. The flaw stems from insufficient validation of a user-supplied string used to invoke a system call, allowing an attacker to execute code in the context of SYSTEM without authentication. This is...

IceWarp 操作系统命令注入漏洞

IceWarp is an integrated enterprise communication and collaboration platform from IceWarp, a Czech company, designed to provide organizations with a variety of tools and features to support internal and external communication, collaboration and business processes. IceWarp suffers from an operatin...