CVE-2025-25065

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration versions 9.0.0 through 9.0.0 before Patch 43 Zimbra Collaboration versions 10.0.x through 10.0.11 Zimbra Collaboration versions 10.1.x through 10.1.3

Description The issue concerns a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed parser. This vulnerability allows unauthorized redirection to internal network endpoints.

Recommendations For Zimbra Collaboration version 9.0.0, apply Patch 43 to resolve the issue. For Zimbra Collaboration versions 10.0.x, update to version 10.0.12 or later. For Zimbra Collaboration versions 10.1.x, update to version 10.1.4 or later.