Zimbra Multiple Vulnerabilities

Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and cross-site scripting on the targeted system.

Note:

CVE-2019-9621 is being exploited in the wild. Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. Hence, the risk level is rated as Extremely High Risk.

RISK: Extremely High Risk

TYPE: Servers – Internet App Servers

Impact

Remote Code Execution
Denial of Service
Cross-Site Scripting

System / Technologies affected

Zimbra Collaboration Suite up to and excluding 8.6.0
Zimbra Collaboration Suite from including 8.7.0 up to and excluding 8.7.11
Zimbra Collaboration Suite from including 8.8.0 up to and excluding 8.8.10

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link

[GLOBAL] – Ransomware Victim: loraincountyauditor[.]gov

[PLAY] – Ransomware Victim: Hulberg & Associates

[AKIRA] – Ransomware Victim: McKenzie Commercia

[PLAY] – Ransomware Victim: Rockrose Development

CVE Alert: CVE-2025-7529

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link

You may have missed

[GLOBAL] – Ransomware Victim: loraincountyauditor[.]gov

[PLAY] – Ransomware Victim: Hulberg & Associates

[AKIRA] – Ransomware Victim: McKenzie Commercia

[PLAY] – Ransomware Victim: Rockrose Development

CVE Alert: CVE-2025-7529