Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in both the Webmail interface and the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.
History
Wed, 09 Jul 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-400 | |
Metrics | cvssV3_1 | |
Wed, 09 Jul 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in both the Webmail interface and the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service. | |
References | | |

Status: PUBLISHED
Assigner: mitre
Published: 2025-07-09T00:00:00.000Z
Updated: 2025-07-09T19:31:25.132Z
Reserved: 2025-07-07T00:00:00.000Z
Link: CVE-2025-53645

Updated: 2025-07-09T19:29:39.577Z

Status: Awaiting Analysis
Published: 2025-07-09T17:15:31.297
Modified: 2025-07-10T13:17:30.017
Link: CVE-2025-53645
