Vulnerabilities

CVE-2025-14500 - IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability

2025-12-24 0 views admin

CVE ID : CVE-2025-14500 Published : Dec. 23, 2025, 10:15 p.m. | 41 minutes ago Description : IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14500

Severity

CRITICAL

Published

Dec. 23, 2025

Impact: Command Injection

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14500critical

CVE-2025-14500 - IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15077 - itsourcecode Student Management System form137.php sql injection

CVE-2025-15078 - itsourcecode Student Management System list_report.php sql injection

CVE-2025-32095 - Pexip Infinity Signalling Denial of Service

CVE-2025-59683 - Pexip Infinity Improper Access Control Denial of Service

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting