Skip to main content
CybersecurityVulnerability Management

Zimbra Unveils Security Patches for SQL Injection, Stored XSS, and SSRF Flaws

Zimbra Unveils Security Patches for SQL Injection, Stored XSS, and SSRF Flaws

Zimbra has announced the release of software updates to address several critical security flaws in its Collaboration software. These vulnerabilities, if exploited, could lead to significant information disclosure.

Key Vulnerability Details

  • CVE Identifier: CVE-2025-25064
  • CVSS Score: 9.8 out of 10.0
  • Type of Vulnerability: SQL injection in the ZimbraSync Service SOAP endpoint

Impact of the Vulnerability

The SQL injection flaw could allow attackers to manipulate database queries, potentially leading to unauthorized access to sensitive information under certain conditions.

Conclusion

It is crucial for Zimbra users to apply the latest updates to mitigate the risks associated with these vulnerabilities and protect their data from potential exploitation.

For more information, please refer to the source article: Zimbra Security Patches Announcement.