Fixed Intel

CVE-2025-14500

Info

Description

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394.

Weakness Classification (CWE)

CWE-78OS Command InjectionMITRE

Related Articles (1)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

References (1)

https://www.zerodayinitiative.com/advisories/ZDI-25-1072/zdi-disclosures@trendmicro.com

Risk Assessment

STANDARD

No elevated risk factors detected.

Details

Severity
Info
CWE
CWE-78
CISA KEV
No
Articles
1

Timeline

Published

Dec 23, 2025

External Links

NVD (NIST)CVE DetailsMITRE CVE