PT-2025-54297 · Zoho · Zoho Zeptomail

Nguyen Xuan Chien · Published 2025-12-31 · Updated 2026-01-05 · CVE-2025-49028

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Zoho ZeptoMail versions n/a through 3.3.1

Description: A Cross-Site Request Forgery (CSRF) issue exists in Zoho ZeptoMail, also allowing for Stored Cross-Site Scripting (XSS). The issue impacts the way requests are handled, potentially allowing an attacker to perform actions on behalf of an authenticated user without their knowledge.

Recommendations: Versions prior to 3.3.1 should be updated.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-49028

Affected Products: Zoho Zeptomail