CVE-2025-27915 - Vulnerability Details

Vendors	Products
Zimbra	Collaboration

Link	Providers
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes

Type	Values Removed	Values Added
First Time appeared		Zimbra Zimbra collaboration
CPEs		cpe:2.3:a:zimbra:collaboration:::::::: cpe:2.3:a:zimbra:collaboration:9.0.0:-:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p0:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p10:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p11:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p12:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p13:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p14:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p15:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p16:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p19:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p1:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p20:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p21:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p23:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p24:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p25:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p26:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p27:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p28:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p29:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p2:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p30:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p31:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p32:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p33:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p34:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p35:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p36:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p37:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p38:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p39:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p3:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p40:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p41:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p42:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p43:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p4:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p5:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p6:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p7:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p8:::::: cpe:2.3:a:zimbra:collaboration:9.0.0:p9::::::
Vendors & Products		Zimbra Zimbra collaboration

Type	Values Removed	Values Added
Weaknesses		CWE-79
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.
References		https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes

Show plain JSON

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-27915", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-12T15:47:06.195Z", "dateReserved": "2025-03-10T00:00:00.000Z", "datePublished": "2025-03-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-12T14:31:38.012Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-12T15:46:08.709963Z", "id": "CVE-2025-27915", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T15:47:06.195Z"}}]}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2025-27915 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2025-03-12T15:47:06.195Z (string)

dateReserved : 2025-03-10T00:00:00.000Z (string)

datePublished : 2025-03-12T00:00:00.000Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2025-03-12T14:31:38.012Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://wiki.zimbra.com/wiki/Security_Center (string)

}

1 : { »

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes (string)

}

2 : { »

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes (string)

}

3 : { »

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-79 (string)

lang : en (string)

description : CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 5.4 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : LOW (string)

confidentialityImpact : LOW (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-12T15:46:08.709963Z (string)

id : CVE-2025-27915 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-12T15:47:06.195Z (string)

}

]

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-27915", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-12T15:46:08.709963Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-12T15:46:57.370Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-12T14:31:38.012Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27915", "state": "PUBLISHED", "dateUpdated": "2025-03-12T15:47:06.195Z", "dateReserved": "2025-03-10T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-12T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 5.4 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : LOW (string)

confidentialityImpact : LOW (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2025-27915 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-12T15:46:08.709963Z (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-79 (string)

description : CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-12T15:46:57.370Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : https://wiki.zimbra.com/wiki/Security_Center (string)

}

1 : { »

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes (string)

}

2 : { »

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes (string)

}

3 : { »

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2025-03-12T14:31:38.012Z (string)

}

cveMetadata : { »

cveId : CVE-2025-27915 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-12T15:47:06.195Z (string)

dateReserved : 2025-03-10T00:00:00.000Z (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2025-03-12T00:00:00.000Z (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C6FE250-3D65-4EE0-B8B3-09466C31021D", "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7A59D9D-6B4E-4A2B-B3F7-9386C3972A53", "versionEndExcluding": "10.1.5", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*", "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*", "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*", "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*", "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*", "matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*", "matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*", "matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*", "matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*", "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*", "matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*", "matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*", "matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*", "matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p28:*:*:*:*:*:*", "matchCriteriaId": "511B2BB8-6070-44AA-8800-963DBCBAF0EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p29:*:*:*:*:*:*", "matchCriteriaId": "49BBB2B4-571D-46B1-8569-12A65D0DF3D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*", "matchCriteriaId": "FD1DCE2B-D944-43AE-AD0E-9282DE6D618F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*", "matchCriteriaId": "2079B9F8-128B-487D-A965-E8B37FDF6304", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*", "matchCriteriaId": "9679FD62-815E-47A8-8552-D28CE48B82B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*", "matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*", "matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*", "matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*", "matchCriteriaId": "5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*", "matchCriteriaId": "9684AC81-B557-4292-8402-AE55CB2E613C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*", "matchCriteriaId": "32A352C4-0E9C-436F-ADA7-D93492A18037", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:*", "matchCriteriaId": "ABCA8698-AB88-4A6D-BD2B-DB22AEED6536", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p40:*:*:*:*:*:*", "matchCriteriaId": "CEE1CBDD-F205-4EA7-9E8B-5527BC134C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p41:*:*:*:*:*:*", "matchCriteriaId": "101B7CC5-A583-44F2-AA4B-C055CBD8D86B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p42:*:*:*:*:*:*", "matchCriteriaId": "8944F361-509A-4CCC-90AE-50B203EBFE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p43:*:*:*:*:*:*", "matchCriteriaId": "BAE8926F-C6E3-49F9-B46D-DE6CD2AB9D95", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*", "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*", "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*", "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*", "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0, 10.0 y 10.1. Existe una vulnerabilidad de cross site scripting (XSS) almacenado en el cliente web cl\u00e1sico debido a una depuraci\u00f3n insuficiente del contenido HTML en los archivos ICS. Cuando un usuario visualiza un mensaje de correo electr\u00f3nico que contiene una entrada ICS maliciosa, su JavaScript incrustado se ejecuta mediante un evento ontoggle dentro de una etiqueta . Esto permite a un atacante ejecutar JavaScript arbitrario en la sesi\u00f3n de la v\u00edctima, lo que podr\u00eda provocar acciones no autorizadas, como configurar filtros de correo electr\u00f3nico para redirigir los mensajes a una direcci\u00f3n controlada por el atacante. Como resultado, un atacante puede realizar acciones no autorizadas en la cuenta de la v\u00edctima, como la redirecci\u00f3n de correo electr\u00f3nico y la exfiltraci\u00f3n de datos."}], "id": "CVE-2025-27915", "lastModified": "2025-04-02T20:38:25.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-12T15:15:39.900", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4C6FE250-3D65-4EE0-B8B3-09466C31021D (string)

versionEndExcluding : 10.0.13 (string)

versionStartIncluding : 10.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B7A59D9D-6B4E-4A2B-B3F7-9386C3972A53 (string)

versionEndExcluding : 10.1.5 (string)

versionStartIncluding : 10.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 685D9652-2934-4C13-8B36-40582C79BFC1 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:* (string)

matchCriteriaId : 5E4DF01A-1AA9-47E8-82FD-65A02ECA1376 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:* (string)

matchCriteriaId : BDE59185-B917-4A81-8DE4-C65A079F52FE (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:* (string)

matchCriteriaId : BA3ED95F-95F2-4676-8EAF-B4B9EB64B260 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:* (string)

matchCriteriaId : 4BB93336-CC3C-4B7F-B194-7DED036ABBAF (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:* (string)

matchCriteriaId : 876F1675-F65C-4E86-ADBD-36EB8D8A997D (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:* (string)

matchCriteriaId : 2306F526-9C56-4A57-AA9B-02F2D6058C97 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:* (string)

matchCriteriaId : F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:* (string)

matchCriteriaId : C77A35B7-96F6-43A7-A747-C6AEEDE961E1 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:* (string)

matchCriteriaId : DC35882B-E709-42D8-8800-F1B734CEAFC3 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:* (string)

matchCriteriaId : B7A47276-F241-4A68-9458-E1481EBDC5E6 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:* (string)

matchCriteriaId : 12D0D469-6C9B-4B66-9581-DC319773238A (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:* (string)

matchCriteriaId : 40629BEB-DF4B-4FB8-8D3D-7BAC43C90766 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:* (string)

matchCriteriaId : 9503131F-CC23-4545-AE9C-9714B287CC25 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:* (string)

matchCriteriaId : B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:* (string)

matchCriteriaId : 8113A4E3-AA96-4382-815D-6FD88BA42EC5 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:* (string)

matchCriteriaId : DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:* (string)

matchCriteriaId : BC19F11D-23D9-429D-A957-D67F23A40A01 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:* (string)

matchCriteriaId : AAFA2EE7-C965-4F27-8CAE-E607A9F202AD (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:* (string)

matchCriteriaId : 1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p28:*:*:*:*:*:* (string)

matchCriteriaId : 511B2BB8-6070-44AA-8800-963DBCBAF0EA (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p29:*:*:*:*:*:* (string)

matchCriteriaId : 49BBB2B4-571D-46B1-8569-12A65D0DF3D2 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:* (string)

matchCriteriaId : C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:* (string)

matchCriteriaId : FD1DCE2B-D944-43AE-AD0E-9282DE6D618F (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:* (string)

matchCriteriaId : 2079B9F8-128B-487D-A965-E8B37FDF6304 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:* (string)

matchCriteriaId : 9679FD62-815E-47A8-8552-D28CE48B82B2 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:* (string)

matchCriteriaId : D659AE6A-591E-4D5B-9781-9648250F5576 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:* (string)

matchCriteriaId : E4054E3E-561C-4B1C-A615-3CCE5CB69D77 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:* (string)

matchCriteriaId : 4FA0E9C4-25E4-4CD6-B88A-02B413385866 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:* (string)

matchCriteriaId : 5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:* (string)

matchCriteriaId : 9684AC81-B557-4292-8402-AE55CB2E613C (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:* (string)

matchCriteriaId : 32A352C4-0E9C-436F-ADA7-D93492A18037 (string)

vulnerable : true (boolean)

}

34 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:* (string)

matchCriteriaId : ABCA8698-AB88-4A6D-BD2B-DB22AEED6536 (string)

vulnerable : true (boolean)

}

35 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:* (string)

matchCriteriaId : 33F50D8C-7027-4A8D-8E95-98C224283772 (string)

vulnerable : true (boolean)

}

36 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p40:*:*:*:*:*:* (string)

matchCriteriaId : CEE1CBDD-F205-4EA7-9E8B-5527BC134C74 (string)

vulnerable : true (boolean)

}

37 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p41:*:*:*:*:*:* (string)

matchCriteriaId : 101B7CC5-A583-44F2-AA4B-C055CBD8D86B (string)

vulnerable : true (boolean)

}

38 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p42:*:*:*:*:*:* (string)

matchCriteriaId : 8944F361-509A-4CCC-90AE-50B203EBFE97 (string)

vulnerable : true (boolean)

}

39 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p43:*:*:*:*:*:* (string)

matchCriteriaId : BAE8926F-C6E3-49F9-B46D-DE6CD2AB9D95 (string)

vulnerable : true (boolean)

}

40 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:* (string)

matchCriteriaId : 82000BA4-1781-4312-A7BD-92EC94D137AE (string)

vulnerable : true (boolean)

}

41 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:* (string)

matchCriteriaId : 4B52D301-2559-457A-8FFB-F0915299355A (string)

vulnerable : true (boolean)

}

42 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:* (string)

matchCriteriaId : 7215AE2C-8A33-4AB9-88D5-7C8CD11E806C (string)

vulnerable : true (boolean)

}

43 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:* (string)

matchCriteriaId : 8D859F77-8E39-4D46-BC90-C5C1D805A666 (string)

vulnerable : true (boolean)

}

44 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:* (string)

matchCriteriaId : CDC810C7-45DA-4BDF-9138-2D3B2750243E (string)

vulnerable : true (boolean)

}

45 : { »

criteria : cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:* (string)

matchCriteriaId : E09D95A4-764D-4E0B-8605-1D94FD548AB2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. (string)

}

1 : { »

lang : es (string)

value : Se descubrió un problema en Zimbra Collaboration (ZCS) 9.0, 10.0 y 10.1. Existe una vulnerabilidad de cross site scripting (XSS) almacenado en el cliente web clásico debido a una depuración insuficiente del contenido HTML en los archivos ICS. Cuando un usuario visualiza un mensaje de correo electrónico que contiene una entrada ICS maliciosa, su JavaScript incrustado se ejecuta mediante un evento ontoggle dentro de una etiqueta . Esto permite a un atacante ejecutar JavaScript arbitrario en la sesión de la víctima, lo que podría provocar acciones no autorizadas, como configurar filtros de correo electrónico para redirigir los mensajes a una dirección controlada por el atacante. Como resultado, un atacante puede realizar acciones no autorizadas en la cuenta de la víctima, como la redirección de correo electrónico y la exfiltración de datos. (string)

}

]

id : CVE-2025-27915 (string)

lastModified : 2025-04-02T20:38:25.487 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2025-03-12T15:15:39.900 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

]

url : https://wiki.zimbra.com/wiki/Security_Center (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

]

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

]

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

]

url : https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object