CVE-2025-25065

Q: What is the severity of CVE-2025-25065?

CVE-2025-25065 has a CVSS score of 5.3 (MEDIUM). This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration's RSS feed parser. It allows attackers to redirect requests to internal network endpoints, potentially accessing sensitive internal services. Affected users are those running Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, or 10.1.x before 10.1.4.

5.3 MEDIUM

SSRF

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration's RSS feed parser. It allows attackers to redirect requests to internal network endpoints, potentially accessing sensitive internal services. Affected users are those running Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, or 10.1.x before 10.1.4.

💻 Affected Systems

Products:

Zimbra Collaboration

Versions: 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires RSS feed functionality to be enabled/used.

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

Zimbra Collaboration Suite by Synacor

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable RSS Feed Parser

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities