CVE-2025-25065

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-25065
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25065.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-25065
Published
2025-02-03T20:15:37.370Z
Modified
2026-04-12T14:45:04.751420Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b6cd8f69d2761c014d4a3807f0bdee0011386444
Introduced
52b539ef205db233bfd8116e8130e27735b4153c
Fixed
16fcfbde0910368571419d9becd0401a95af6e7f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b6cd8f69d2761c014d4a3807f0bdee0011386444
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5561a39cba0898c3bb5e188284d98f498d7a3c9a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5561a39cba0898c3bb5e188284d98f498d7a3c9a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d3209df466110d214b2ab6593f931a59c2127db8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8a93da38fd1572d864c1becbcc772ba91ee4403
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
202d83762fca70b7403c144e1fedddc6cd4930a6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a163a5dc09ec091fed86421118ec56c90384997a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b2faf1c074bf6e2f4f76acd11b9ad5a0b4caec40
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0bea2f7ec388cc09cb3de4ee93344df2695b91a8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9173353f25559ed524c7a40c799056c01c3418d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c27b145236b09c5487259d943dd54ffdea0ccbb3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8d7f3750f42f0a59d61c1b44d8df1000a52ce9f2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bc50e7d47c56532b226a1c88c8011127e006940b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
03d99a16095b73a73770fbb6131d10234cfc13fd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bcb978ccc354d99d843725886083e321759b6765
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "9.0.0"
        },
        {
            "introduced": "10.1.0"
        },
        {
            "fixed": "10.1.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p19"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p23"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p25"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p26"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p27"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p28"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p33"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p36"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p37"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p38"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p7"
        }
    ]
}
Type
GIT
Repo
https://github.com/zimbra/zm-mailbox
Events
Introduced
8033bd1ec9d7211c2eb5fa71aeb3b4073a8dc160
Fixed
36b0176b086d3ced0cd751ec0aca4d9869574496
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
943f2188be659dbccc17e6082dc0c542f9debea4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
82e2bdc9c525585c3d3c2bb383ed80b1feaf878e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e641be6dd504882bd357015c8012195d5bb49da2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e641be6dd504882bd357015c8012195d5bb49da2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
52c811a0259419b4e3d177f80c0ba7562d375cfa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
459d2044a9a205efee2b8998be41762876174dde
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
497eef64675f6ae63972c50c24e26048640748f6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dbe58ce9fb59913993aa2d7a5f2c28a292ee4a86
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
63c14463c4393c0fcdec4a470e448d1d7dab76d1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
83f33002916b0d752667a29a7fcf865af4609e7a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19ec057977b93892ef40c4d4d68b578bb8e4dea0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
848af7d9e2467b794b51a49afe3d1edef3ce6b66
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4576339cd43ab64c19dc87591825ab51cb79f07a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2d2629d018b23dba6b5e984860724832adbe7014
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bcce34b646ae27b931802d859d47e4adfe981635
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f11cd2739a33347b5035c138813fd117378ec5c9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
69380ca2440983320d3262ef155852dbd5bac4f5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
31856510b3e72583143b1464bae867772e303bab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fad224b80f4bbf39496d104d58947bc1ac4bca39
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a6fdb2b0bbe8c189fd212d798f71f183fd3318ba
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f323d75b09d42a6313b47d9a74aae96ec66aa1f8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d74bc7bfd7f78c7261d0e52baf42716630fc3f0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
10b7ff251aee6f4770ad75377a1f81491ad5bdb9
Database specific 
{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p22"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p24\\.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p29"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p30"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p32"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p34"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p39"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p40"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p41"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-p9"
        }
    ]
}

Affected versions

10.*
10.0.0-GA
10.0.1
10.0.11
10.0.2
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.1
8.*
8.7.10
8.7.11
8.7.6
8.7.7
8.7.9
8.8.0.beta1
8.8.10
8.8.12
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.8.7
8.8.8
8.8.9
8.8.9.p1
8.8.9.p3
9.*
9.0.0
9.0.0.U20
9.0.0.p1
9.0.0.p10
9.0.0.p11
9.0.0.p13
9.0.0.p14
9.0.0.p16
9.0.0.p17
9.0.0.p18
9.0.0.p19
9.0.0.p2
9.0.0.p20
9.0.0.p22
9.0.0.p23
9.0.0.p24
9.0.0.p24.1
9.0.0.p25
9.0.0.p26
9.0.0.p27
9.0.0.p28
9.0.0.p29
9.0.0.p3
9.0.0.p30
9.0.0.p32
9.0.0.p33
9.0.0.p34
9.0.0.p36
9.0.0.p37
9.0.0.p38
9.0.0.p39
9.0.0.p4
9.0.0.p40
9.0.0.p41
9.0.0.p5
9.0.0.p6
9.0.0.p7
9.0.0.p7.1
9.0.0.p8
9.0.0.p9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25065.json"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2910.0,
            "function_hash": "250239021129922179859369307689305685860"
        },
        "source": "https://github.com/zimbra/zm-mailbox/commit/36b0176b086d3ced0cd751ec0aca4d9869574496",
        "id": "CVE-2025-25065-2802cfab",
        "signature_type": "Function",
        "target": {
            "function": "handle",
            "file": "store/src/java/com/zimbra/cs/service/account/ChangePassword.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "100352541356968744543459554936932541435",
                "34980778564753151690669805825885263298",
                "163615395104885010895005793672519100036",
                "324766885195200298088869019113793247780"
            ]
        },
        "source": "https://github.com/zimbra/zm-mailbox/commit/36b0176b086d3ced0cd751ec0aca4d9869574496",
        "id": "CVE-2025-25065-8d17d1e8",
        "signature_type": "Line",
        "target": {
            "file": "store/src/java/com/zimbra/cs/service/account/ChangePassword.java"
        }
    }
]
vanir_signatures_modified 
"2026-04-12T14:45:04Z"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p21"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0.0-p42"
            }
        ]
    }
]