CVE-2015-6541

HIGH

Zimbra Collaboration Server < 8.5 - Cross-Site Request Forgery via SOAP BatchRequest

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6541. PoCs published by Sysdream.

AI-analyzed exploit summary: This is a proof-of-concept for a CSRF vulnerability in the Zimbra Mail interface (CVE-2015-6541). It demonstrates how an attacker can forge a request to modify account preferences, such as email forwarding, by tricking a victim into submitting a malicious HTML form.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

Exploits (1)

exploitdb WORKING POC
by Sysdream · text · webapps · linux
https://www.exploit-db.com/exploits/39500

Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Zimbra <= 8.0.9 GA Release
No auth needed
Prerequisites: Victim must be authenticated in Zimbra and visit the malicious page
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/121
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39500/

Scores

CVSS v3: 8.8
EPSS: 0.0299
EPSS Percentile: 85.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): zimbra/zimbra_collaboration_server < 8.0.9
Published: Apr 08, 2016
Tracked Since: Feb 18, 2026