SSRF Vulnerability in Zimbra Collaboration Software
CVE-2025-25065

5.3 MEDIUM

Key Information:

Vendor

Zimbra

CVE Published:
3 February 2025

Badges

📰 News Worthy

What is CVE-2025-25065?

A server-side request forgery (SSRF) vulnerability exists in the RSS feed parser of Zimbra Collaboration, allowing feed requests to be redirected to internal network endpoints without authorization. The flaw affects Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4. An attacker could use it to reach misconfigured internal services or obtain sensitive internal data, so applying the latest security patches is important.

News Articles

Critical Zimbra Vulnerabilities Let Attackers Gain Unauthorized Access to Internal Resources

Zimbra Collaboration, a popular open-source email and collaboration software, was recently discovered to include critical vulnerabilities.

References

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability Reserved
