Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

2025-02-10 09:09

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting

News URL

https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html

#security #SQL #ssrf #update #vulnerabilities #XSS #zimbra #CVE-2025-25064

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-03	CVE-2025-25064	SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zimbra		7	0	40	15	8	63

News URL

Related news

Related Vulnerability

Related vendor