CVE-2025-25064

None

Description

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.

INFO

Published Date :

2025-02-03T00:00:00.000Z

Last Modified :

2026-02-26T19:09:26.834Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-25064 vulnerability.

Vendors	Products
Synacor	Zimbra Collaboration Suite

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25064.

URL	Resource
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact