Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

Help Net Security, 04/03/2026, 13:57

Summary

AI-Generated

Key Points:

  • A critical remote code execution (RCE) vulnerability (CVE-2025-14500) in IceWarp allows unauthenticated attackers to execute arbitrary OS commands on unpatched servers.
  • Over 1,200 internet-facing IceWarp instances remain vulnerable, affecting both Windows and Linux deployments. The vulnerability arises from improper validation of user-supplied data in the X-File-Operation header.
  • Immediate patching is recommended for all affected systems to prevent potential exploitation. Organizations should back up their servers before upgrading.

Technical Details: CVE-2025-14500 is an OS command injection vulnerability. Because exploitation requires no authentication, remote attackers can execute commands with SYSTEM or root privileges.

MITRE ATT&CK Techniques:

  • T1203 - Exploitation for Client Execution (Initial Access)
  • T1068 - Exploit Public-Facing Application (Initial Access)

IOCs Mentioned: None mentioned.
