CVE-2025-25065

moderate-risk
Published 2025-02-03

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.

Do I need to act?

-
0.41% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Synacor

References (4)

Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes
Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes
Release Notes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P43#Security_Fixes
Vendor Advisory https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
48
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 2/34 · Minimal
Exposure 25/34 · High