Zimbra Collaboration GraphQL Flaw Lets Hackers Steal User Information

Summary: A critical Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-32354) in Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1 threatens email servers by allowing attackers to hijack authenticated sessions. Exploitation can lead to unauthorized modification of user data, account takeover, and corporate espionage. Zimbra has released a patch and urges users to upgrade and implement additional security measures to mitigate the risk.

Affected: Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1

Key points:

  • Vulnerability allows session hijacking and data theft through Zimbra’s GraphQL endpoint.
  • Attackers can modify contact lists, change account settings, and access emails and calendars.
  • Zimbra has released version 10.1.1 to patch the vulnerability; users are advised to upgrade and enforce CSRF tokens.
  • Organizations must monitor logs and implement temporary fixes if unable to upgrade.
  • Employee training on avoiding suspicious links is recommended to prevent exploitation.

Source: https://gbhackers.com/zimbra-collaboration-graphql-flaw/