CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration

Summary: Two security vulnerabilities, CVE-2025-25064 and CVE-2025-25065, have been found in Zimbra Collaboration that could allow attackers unauthorized access to sensitive data. The first is a critical SQL injection vulnerability, while the second is a moderate SSRF vulnerability. Users are strongly advised to update their systems to mitigate these risks.

Affected: Zimbra Collaboration

Key points:

  • CVE-2025-25064 (CVSS 9.8) allows SQL injection through a vulnerable user-supplied parameter.
  • CVE-2025-25065 (CVSS 5.3) enables unauthorized internal network redirection via SSRF.
  • Previous vulnerabilities highlight Zimbra’s status as a frequent target for cybercriminals.
  • Patches have been released, and users are urged to update immediately to secure their systems.

Source: https://securityonline.info/cve-2025-25064-cvss-9-8-critical-sql-injection-bug-in-zimbra-collaboration/