CVE-2025-25065

Published Feb 3, 2025

Last updated 7 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-25065 is a server-side request forgery (SSRF) vulnerability in the RSS feed parser of Zimbra Collaboration. It affects versions 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4. Successful exploitation could allow unauthorized redirection to internal network endpoints. Zimbra has addressed the vulnerability in versions 9.0.0 Patch 43, 10.0.12, and 10.1.4 by strengthening input sanitization. Users of affected Zimbra Collaboration versions are strongly advised to update to a patched version as soon as possible. This information is current as of February 10, 2025 and may change.

Description: SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-918

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 4