CNNVD-202509-2300 Information
CNNVD ID
CNNVD-202509-2300
Related CVE
- CNNVD Published: 2025-09-16
Description (Chinese)
Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台,支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration存在安全漏洞,该漏洞源于EnableTwoFactorAuthRequest SOAP端点允许攻击者在未提供有效身份验证令牌的情况下配置额外的2FA方法,可能导致绕过双重身份验证保护。
Description (English)
Zimbra Collaboration is an open-source enterprise e-mail and collaboration platform for Zimbra to support mail, calendar, document management and teamwork functions. There is a security loophole in Zimbra Collaboration, which stems from the fact that the EnableTwoFactorAuthRequest SOAP endpoint allows the attackers to configure an additional 2FA method without providing a valid identification badge, which could lead to circumventing dual identification protection.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ZLMediaKiet
Published
2025-09-16
Last Modified
2026-02-24
References
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Security_Center https://access.redhat.com/security/cve/cve-2025-54391
Patch
https://wiki.zimbra.com/wiki/Security_Center
Share on: