CVE-2025-62763

Published: Oct 21, 2025Modified: Dec 8, 2025

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Exploitability: 3.1 / Impact: 1.4

Source: MITRE (Secondary)

Description

Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (5)

https://blog.zimbra.com/2025/10/patch-release-update-zimbra-10-1-12/

Source: cve@mitre.org

https://wiki.zimbra.com/wiki/Security_Center

Source: cve@mitre.org

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.12

Source: cve@mitre.org

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.12#Security_Fixes

Source: cve@mitre.org

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Source: cve@mitre.org

Timeline

No history available yet.