TROYANOSYVIRUS
Retour aux CVEs

CVE-2025-25065

MEDIUM
5.3

Description

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.

Details CVE

Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/3/2025
Derniere modification6/11/2025
Sourcenvd
Observations honeypot0

Produits affectes

synacor:zimbra_collaboration_suite

Faiblesses (CWE)

CWE-918

References

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes(cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes(cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P43#Security_Fixes(cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.