Description
Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.
References (5)
Core 5
Core References
Third Party Advisory
https://wiki.zimbra.com/wiki/Security_Center
Third Party Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.12
Third Party Advisory
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.12#Security_Fixes
Third Party Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Scores
CVSS v3
5.0
EPSS
0.0024
EPSS Percentile
14.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
Zimbra/Collaboration
< 10.1.12
Published
Oct 21, 2025
Tracked Since
Feb 18, 2026