CVE-2025-25065

None

Description

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.

INFO

Published Date :

2025-02-03T00:00:00.000Z

Last Modified :

2025-03-13T20:47:30.615Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-25065 vulnerability.

Vendors	Products
Synacor	Zimbra Collaboration Suite

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25065.

URL	Resource
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P43#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact