- Description: SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: zimbra_collaboration_suite
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score: Not currently trending
Zimbra Collaboration Suite has patched critical vulnerabilities, including XSS, SQLi, and SSRF. Important to apply updates to maintain security. CVE-2025-27915, CVE-2025-25064, CVE-2025-25065. 🔒 #Zimbra #DataProtection #USA link: https://t.co/fFVt5BVFdz https://t.co/zjX96qTX5y
@TweetThreatNews
20 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202445519 CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration https://t.co/qNb9pPvdlW
@Komodosec
12 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical #vulnerability impacting Zimbra software has been reported: the CVE-2025-25064. It allows an unauthenticated attacker to inject some arbitrary SQL queries. Stormshield security alert ➡️ https://t.co/Jw9vxrmii0 https://t.co/YadNF91OiR
@Stormshield
21 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra 10 SQL Injection (CVE-2025-25064) Analysis Article #CYBER #cybersecurite #liked #hackerling #FolloForFolloBack ✅Link: https://t.co/pcYdwlw3Ul https://t.co/EfFqn46AXJ
@umidcybers
19 Feb 2025
50 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zimbra 10 SQL Injection (CVE-2025-25064) Analysis Article https://t.co/MexkJZ7fL9 https://t.co/IUwGr537H5
@cyber_advising
18 Feb 2025
2380 Impressions
10 Retweets
45 Likes
15 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-25064) has been discovered in the "Zimbra Collaboration" software #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/5BT5TVoDSJ
@CERTAzerbaijan
12 Feb 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Several different vulnerabilities have been published for the Zimbra mail server. The first vulnerability has the identifier CVE-2025-25064 and is of type SQL injection, the second vulnerability has the identifier CVE-2025-25065 and is of type SSRF, and the third vulnerability, with the identifier CVE-2024-45516, is of type XSS. https://t.co/Poz3aKY03t
@AmirHossein_sec
11 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25064 is marked as having no authentication requirements in the cvss score, but the description literally says it's authenticated. CISA-ADP had to be smoking something crazy https://t.co/GS6KEIuQAV
@PsExec64
10 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug. https://t.co/5bXdpkia0s https://t.co/KxvyLu
@riskigy
10 Feb 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25064 (CVSS 9.8) - Severe SQL Injection Vulnerability in Zimbra Collaboration https://t.co/WaoeRHJMp1 #zimbra #cyber #cybsersecurity #BusinessGrowth #business #Infosec #IT #security #internet
@VAPTernInc
10 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra Collaboration faces critical vulnerabilities (CVE-2025-25064, CVSS 9.8) allowing SQL injection and unauthorized access. Users should update to protect sensitive data. 🚨💻 #Zimbra #SQLInjection #USA link: https://t.co/ZoN8mysHX1 https://t.co/wf1eo65ny7
@TweetThreatNews
10 Feb 2025
55 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25064 impacts Zimbra with SQL Injection #Zimbra #CVE-2025-25064 https://t.co/luQfiUM6MK
@pravin_karthik
10 Feb 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zimbra has rolled out critical updates addressing SQL injection (CVE-2025-25064) and stored XSS vulnerabilities, alongside a medium-severity SSRF flaw. Users encouraged to upgrade for enhanced security. 🔒 #Zimbra #InformationSecurity link: https://t.co/bGgzJjatFx https://t.co/B
@TweetThreatNews
10 Feb 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration 🎯519+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/iLr73S1Vwg FOFA Query:app="Zimbra-Collaboration-Suite" 🔖Refer:https://t.co/9zm7G9VHpy #OSINT… htt
@fofabot
10 Feb 2025
1206 Impressions
6 Retweets
14 Likes
6 Bookmarks
0 Replies
0 Quotes
Zimbra's latest patch addresses three new vulnerabilities: • SQL Injection (CVE-2025-25064) exposing email metadata to authenticated attackers. • XSS vulnerability in the Classic Web Client, risking user security. • SSRF flaw (CVE-2025-25065) allowi... https://t.co/Mj11lfJarc
@IT_news_for_all
10 Feb 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zimbra's latest patch addresses three new vulnerabilities: • SQL Injection (CVE-2025-25064) exposing email metadata to authenticated attackers. • XSS vulnerability in the Classic Web Client, risking user security. • SSRF flaw (CVE-2025-25065) allowing unauthorized redirection… h
@TheHackersNews
10 Feb 2025
11685 Impressions
21 Retweets
50 Likes
5 Bookmarks
3 Replies
3 Quotes
CVE-2025-25064, -25065: Two vulnerabilities in Zimbra, 5.3 - 9.8 rating 🔥 Vulns include SQLi and SSRF, which could potentially lead to RCE. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/ETW5EAdP0f #cybersecurity #vulnerability_map https://t.co/zOWzsRsJBk https://t
@Netlas_io
10 Feb 2025
1131 Impressions
2 Retweets
18 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration 📊 420K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/fhG5begTAR 👇Query HUNTER : https://t.co/q9rtuGfZuz="Zimbra" FOFA : product="zimbra-Mail-System"…
@HunterMapping
10 Feb 2025
4413 Impressions
32 Retweets
83 Likes
33 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration 📊 420K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/fhG5begTAR👇Query HUNTER : https://t.co/q9rtuGfZuz="Zimbra" FOFA : product="zimbra-Mail-System"… h
@HunterMapping
10 Feb 2025
116 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Critical vulnerability in Zimbra Collaboration. CVE-2025-25064 has a CVSS score of 9.8 and is an SQL injection in the SOAP endpoint of the ZimbraSync Service. Execution of arbitrary SQL queries makes theft of email metadata possible. https://t.co/dHjr6Pom4v
@__kokumoto
10 Feb 2025
281 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-25064 (CVSS 9.8): Critical SQL Injection Bug in Zimbra Collaboration https://t.co/MsQCX4Yna2
@Dinosn
10 Feb 2025
1995 Impressions
4 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-25064 SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4. https://t.co/zeoVSKZWtq
@CVEnew
3 Feb 2025
319 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E603BD7A-730E-410C-BBE1-3E5A8DD2A72F",
            "versionEndExcluding": "10.0.12",
            "versionStartIncluding": "10.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "55361360-9F77-4731-82AD-82E65E4C5AA0",
            "versionEndExcluding": "10.1.4",
            "versionStartIncluding": "10.1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]