CVE-2025-32354
Published Apr 29, 2025
Last updated 25 days ago
- Description
- In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
- Hype score
- Not currently trending
A critical CSRF vulnerability (CVE-2025-32354) in Zimbra Collaboration Suite (versions 9.0 to 10.1) allows session hijacking and data theft. Users urged to upgrade for protection. ⚠️ #Zimbra #EmailSecurity #USA link: https://t.co/emeoRgxL5n https://t.co/xppHys5ohn
@TweetThreatNews
1 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Zimbra Collaboration Suite GraphQL CSRF Vulnerability (CVE-2025-32354) 📅 Timeline: Disclosure: 2025-04-29, Patch: 2025-05-01 (Zimbra 10.1.4) 🆔 **CVE ID:** CVE-2025-32354 📊 **CVSS Severity:** High 🟠 📂 **Affected Versions:** -
@syedaquib77
30 Apr 2025
30 Impressions
0 Retweets
1 Like
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-32354 In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbr… https://t.co/BArDqj1yGy
@CVEnew
29 Apr 2025
287 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes