CVE Catalog

CVE-2025-44148

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
49.70%

99th percentile - higher than 99% of all known CVEs

Summary

Cross Site Scripting (XSS) vulnerability in MailEnable before version 10 allows a remote attacker to execute arbitrary code via the failure.aspx component.

Risk Assessment

An attacker can inject malicious scripts, leading to session theft, user account compromise, or malware distribution within the organization.

Recommendation

Immediately upgrade MailEnable to version 10 or later and implement input filtering on the failure.aspx component.

Original NVD description (English source)

Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS