Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in both the Webmail interface and the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.
History

Wed, 09 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 16:45:00 +0000

Type Values Removed Values Added
Description Zimbra Collaboration Suite (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in both the Webmail interface and the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-07-09T00:00:00.000Z

Updated: 2025-07-09T19:31:25.132Z

Reserved: 2025-07-07T00:00:00.000Z

Link: CVE-2025-53645

cve-icon Vulnrichment

Updated: 2025-07-09T19:29:39.577Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T17:15:31.297

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-53645

cve-icon Redhat

No data.