Zimbra Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, remote code execution or cross-site scripting on the targeted system.
Note:
CVE-2019-9621 is being exploited in the wild. Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. Hence, the risk level is rated as Extremely High Risk.
Impact
- Remote Code Execution
- Denial of Service
- Cross-Site Scripting
System / Technologies affected
- Zimbra Collaboration Suite up to and excluding 8.6.0
- Zimbra Collaboration Suite from including 8.7.0 up to and excluding 8.7.11
- Zimbra Collaboration Suite from including 8.8.0 up to and excluding 8.8.10
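To make the affected ranges above checkable against an installed system, the following is an added example (not vendor code): it pulls the release number out of a version string and tests it against exactly the three ranges this advisory lists. The sample strings are constructed and only loosely modelled on `zmcontrol -v` output; that output format is an assumption.

```python
"""Check a Zimbra Collaboration Suite release number against the affected
ranges given in this advisory. Example code added to the advisory, not
Zimbra's own; the sample version strings below are constructed."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as the advisory lists them:
# (inclusive lower bound or None, exclusive upper bound)
AFFECTED_RANGES = [
    (None, (8, 6, 0)),          # up to and excluding 8.6.0
    ((8, 7, 0), (8, 7, 11)),    # from 8.7.0 up to and excluding 8.7.11
    ((8, 8, 0), (8, 8, 10)),    # from 8.8.0 up to and excluding 8.8.10
]


def parse_version(text: str) -> Optional[Version]:
    """Return the first major.minor.patch triple found in `text`, or None.
    Digits adjacent to the triple are excluded so 8.8.9_GA_2055 yields 8.8.9."""
    m = re.search(r"(?<!\d)(\d+)\.(\d+)\.(\d+)(?!\d)", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if `version` falls inside any of the advisory's ranges."""
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or lower <= version) and version < upper:
            return True
    return False


def assess(text: str) -> str:
    """Human-readable verdict for one version string."""
    v = parse_version(text)
    if v is None:
        return "unknown: no version found"
    label = ".".join(map(str, v))
    if is_affected(v):
        return f"{label}: in an affected range, apply the vendor fix"
    return f"{label}: outside the listed ranges"


if __name__ == "__main__":
    # Constructed sample strings (assumed `zmcontrol -v` style, not verified).
    for sample in ("Release 8.8.9_GA_2055.RHEL7_64 FOSS edition",
                   "Release 8.8.12_GA_3794.UBUNTU18_64 NETWORK edition",
                   "Release 8.6.0_GA_1153.RHEL6_64",
                   "Release 8.5.1_GA_3056"):
        print(assess(sample))
```

The check reads the base release number only; a host already carrying one of the listed patch releases (for example 8.8.9 with P10) still reports 8.8.9 and will be flagged, so confirm the installed patch level before treating a hit as unpatched.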
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P11
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.9/P10
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10/P8
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.11/P4
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12
Vulnerability Identifier
Source
Related Link
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P11
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.9/P10
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10/P8
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.11/P4
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12
- https://www.cisa.gov/news-events/alerts/2025/07/07/cisa-adds-four-known-exploited-vulnerabilities-catalog