Primary

Context

Zimbra Collaboration Server-Side Request Forgery Vulnerability in Chat Proxy Configuration

Vulnerability

Patched

A server-side request forgery (SSRF) vulnerability has been identified in Zimbra Collaboration (ZCS) versions prior to 10.1.12. The vulnerability arises from the chat proxy configuration, allowing unauthorized requests to internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal services or resources, potentially leading to unauthorized access or information disclosure.

Remediation

Users are advised to upgrade to Zimbra Collaboration version 10.1.12, which addresses this vulnerability. Instructions for upgrading can be found on the Zimbra Wiki.

Added: Oct 21, 2025, 5:17 PM

Updated: Oct 21, 2025, 7:43 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.4

exploitability

5.4

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.4

exploitability

5.4

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zimbra Collaboration Server-Side Request Forgery Vulnerability in Chat Proxy Configuration

Vulnerability

Impact

Remediation

Affected Products

Zimbra Collaboration

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating