CVE-2025-25064 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient s…
High CVSS: 8.8

CVE-2025-25064

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.
Vendor
Synacor
Product
Zimbra Collaboration Suite
CWE
CWE-89
Yayın Tarihi
2025-02-03 20:15:37
Güncelleme
2025-06-11 21:18:03
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-89 Zimbra Collaboration Suite HIGH Synacor 2025

Referanslar

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.12#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories