vulnerability
Zimbra Collaboration: CVE-2025-25065: Collaboration: Server-Side Request Forgery (SSRF)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Feb 3, 2025 | Feb 26, 2025 | Feb 6, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Feb 3, 2025
Added
Feb 26, 2025
Modified
Feb 6, 2026
Description
SSRF vulnerability in the RSS feed parser that allowed unauthorized redirection to internal network endpoints has been resolved.
Solution
zimbra-collaboration-upgrade-latest
References
- CWE-918
- CVE-2025-25065
- https://attackerkb.com/topics/CVE-2025-25065
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P43#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.