AI description
CVE-2025-25065 is a server-side request forgery (SSRF) vulnerability found in the RSS feed parser of Zimbra Collaboration. This vulnerability affects versions 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4. Successful exploitation could allow unauthorized redirection to internal network endpoints. Zimbra has addressed this vulnerability in versions 9.0.0 Patch 43, 10.0.12, and 10.1.4, strengthening input sanitization and enhancing security. Users of affected Zimbra Collaboration versions are strongly advised to update to the patched versions as soon as possible. As of today, February 10, 2025, this information is current, but may change in the future.
- Description
- SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-918
- Hype score
- Not currently trending
Zimbra Collaboration Suite has patched critical vulnerabilities, including XSS, SQLi, and SSRF. Important to apply updates to maintain security. CVE-2025-27915, CVE-2025-25064, CVE-2025-25065. 🔒 #Zimbra #DataProtection #USA link: https://t.co/fFVt5BVFdz https://t.co/zjX96qTX5y
@TweetThreatNews
20 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
چندین آسیب پذیری مختلف برای میل سرور Zimbra منتشر شده .اولین آسیب پذیری دارای کد شناسایی CVE-2025-25064 و از نوع Sqlinjection ، آسیب پذیری دوم دارای کد شناسایی CVE-2025-25065 از نوع SSRF و آسیب پذیری سوم با کد شناسایی CVE-2024-45516 از نوع XSS می باشند. https://t.co/Poz3aKY03t
@AmirHossein_sec
11 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra's latest patch addresses three new vulnerabilities: • SQL Injection (CVE-2025-25064) exposing email metadata to authenticated attackers. • XSS vulnerability in the Classic Web Client, risking user security. • SSRF flaw (CVE-2025-25065) allowi... https://t.co/Mj11lfJarc
@IT_news_for_all
10 Feb 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra's latest patch addresses three new vulnerabilities: • SQL Injection (CVE-2025-25064) exposing email metadata to authenticated attackers. • XSS vulnerability in the Classic Web Client, risking user security. • SSRF flaw (CVE-2025-25065) allowing unauthorized redirection… h
@TheHackersNews
10 Feb 2025
11685 Impressions
21 Retweets
50 Likes
5 Bookmarks
3 Replies
3 Quotes