CVE-2025-25064

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-25064
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25064.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-25064
Published
2025-02-03T20:15:37.257Z
Modified
2026-04-12T14:45:04.272652Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Introduced
52b539ef205db233bfd8116e8130e27735b4153c
Fixed
16fcfbde0910368571419d9becd0401a95af6e7f
Database specific 
{
    "versions": [
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/zimbra/zm-mailbox
Events
Introduced
8033bd1ec9d7211c2eb5fa71aeb3b4073a8dc160
Fixed
36b0176b086d3ced0cd751ec0aca4d9869574496
Database specific 
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.12"
        }
    ]
}

Affected versions

10.*
10.0.0-GA
10.0.1
10.0.11
10.0.2
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.1

Database specific

vanir_signatures_modified 
"2026-04-12T14:45:04Z"
vanir_signatures 
[
    {
        "id": "CVE-2025-25064-2802cfab",
        "target": {
            "file": "store/src/java/com/zimbra/cs/service/account/ChangePassword.java",
            "function": "handle"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "250239021129922179859369307689305685860",
            "length": 2910.0
        },
        "signature_type": "Function",
        "source": "https://github.com/zimbra/zm-mailbox/commit/36b0176b086d3ced0cd751ec0aca4d9869574496",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-25064-8d17d1e8",
        "target": {
            "file": "store/src/java/com/zimbra/cs/service/account/ChangePassword.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "100352541356968744543459554936932541435",
                "34980778564753151690669805825885263298",
                "163615395104885010895005793672519100036",
                "324766885195200298088869019113793247780"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/zimbra/zm-mailbox/commit/36b0176b086d3ced0cd751ec0aca4d9869574496",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25064.json"