PT-2025-28942 · Zimbra · Zimbra Collaboration Suite

Published 2025-06-18 · Updated 2025-12-23 · CVE-2025-53645

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Zimbra Collaboration Suite versions prior to 9.0.0 Patch 46
Zimbra Collaboration Suite versions 10.0.x prior to 10.0.15
Zimbra Collaboration Suite versions 10.1.x prior to 10.1.9
Description: The software is susceptible to a denial of service condition caused by improper handling of excessive, comma-separated path segments in the Webmail interface and the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses, leading to uncontrolled resource consumption and denial of service.
Recommendations:
Update to Zimbra Collaboration Suite version 9.0.0 Patch 46 or later.
Update to Zimbra Collaboration Suite version 10.0.15 or later.
Update to Zimbra Collaboration Suite version 10.1.9 or later.
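
Until the update is applied, front-end access logs can be screened for the request shape the description names. The following is an added example, not part of the advisory or of Zimbra's code: it flags GET requests whose path carries an unusually long comma-separated list and totals the response bytes served per client. The threshold, the log format (common/combined) and the sample lines with placeholder paths are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Assumed threshold; tune it against your own baseline traffic.
MAX_SEGMENTS = 20
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def comma_segments(target):
    """Largest number of comma-separated items in any one path component."""
    path = unquote(urlsplit(target).path)  # decode %2C so encoded commas count too
    return max(len(part.split(",")) for part in path.split("/"))

def suspicious_requests(lines, max_segments=MAX_SEGMENTS):
    """Yield (ip, segment_count, response_bytes) for flagged GET requests."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, method, target, _status, size = m.groups()
        if method != "GET":
            continue
        n = comma_segments(target)
        if n > max_segments:
            yield ip, n, 0 if size == "-" else int(size)

def summarize(lines, max_segments=MAX_SEGMENTS):
    """Map client IP -> (flagged request count, total response bytes)."""
    hits, volume = Counter(), Counter()
    for ip, _n, size in suspicious_requests(lines, max_segments):
        hits[ip] += 1
        volume[ip] += size
    return {ip: (hits[ip], volume[ip]) for ip in hits}

# Constructed sample log lines; the paths are placeholders, not real Zimbra URLs.
_MANY = ",".join(f"item{i}" for i in range(40))
SAMPLE = [
    '198.51.100.7 - - [18/Jun/2025:10:00:01 +0000] "GET /placeholder/a,b,c HTTP/1.1" 200 512',
    f'203.0.113.9 - - [18/Jun/2025:10:00:02 +0000] "GET /placeholder/{_MANY} HTTP/1.1" 200 904211',
    f'203.0.113.9 - - [18/Jun/2025:10:00:03 +0000] "GET /placeholder/{_MANY.replace(",", "%2C")} HTTP/1.1" 200 904211',
    '198.51.100.7 - - [18/Jun/2025:10:00:04 +0000] "POST /placeholder/login HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for ip, (count, size) in summarize(SAMPLE).items():
        print(f"{ip}: {count} flagged GET requests, {size} response bytes")
```

A client that shows both a high flagged-request count and a large byte total matches the "redundant processing and inflated responses" pattern and is a candidate for rate limiting at the proxy.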

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2025-16378
CVE-2025-53645

Affected Products

Zimbra Collaboration Suite