CNNVD-202512-4035 Information

CNNVD ID

CNNVD-202512-4035

Related CVE

CVE-2025-14500

• CNNVD Published: 2025-12-23

Description (Chinese)

IceWarp是捷克爱思华宝（IceWarp）公司的一种集成式的企业通信和协作平台，旨在为组织提供各种工具和功能，以支持内部和外部沟通、协作和业务流程。 IceWarp存在操作系统命令注入漏洞，该漏洞源于对X-File-Operation标头处理不当，可能导致命令注入和远程代码执行。

Description (English)

IceWarp is an integrated corporate communication and collaborative platform of the Czech company IceWarp, designed to provide the organization with tools and functions to support internal and external communication, collaboration and business processes. IceWarp has an operational system command leak, which results from inappropriate handling of the X-File-Operation beacon, which may lead to command injection and remote code execution.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

爱思华宝

Published

2025-12-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1072/

Patch

https://www.icewarp.com/downloads/