CNNVD-202509-2718 Information
CNNVD ID
CNNVD-202509-2718
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台,支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration存在安全漏洞,该漏洞源于ResetPasswordRequest操作缺少CSRF令牌验证,可能导致跨站请求伪造攻击。
Description (English)
Zimbra Collaboration is an open-source enterprise e-mail and collaboration platform for Zimbra to support mail, calendar, document management and teamwork functions. There is a security loophole in Zimbra Collaboration, which stems from the lack of CSRF token certification for the ResetPassword Request operation, which could lead to cross-site requests for false attacks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ZLMediaKiet
Published
2025-09-17
Last Modified
2026-02-24
References
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Security_Center https://access.redhat.com/security/cve/cve-2025-54390
Patch
https://wiki.zimbra.com/wiki/Security_Center
Share on: