Cyber Resilience

CVE-2025-25064

High

Published: 03 February 2025

Published
03 February 2025
Modified
11 June 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4776 97.8th percentile
Risk Priority 46 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25064 is a high-severity SQL Injection (CWE-89) vulnerability in Synacor Zimbra Collaboration Suite. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-25064 is a SQL injection vulnerability in the ZimbraSync Service SOAP endpoint of Zimbra Collaboration versions 10.0.x prior to 10.0.12 and 10.1.x prior to 10.1.4. It stems from insufficient sanitization of a user-supplied parameter, allowing arbitrary SQL queries to be injected via the affected endpoint and potentially exposing email metadata.

Authenticated attackers with valid credentials can exploit the flaw over the network by crafting malicious requests that manipulate the vulnerable parameter. Successful exploitation grants the ability to retrieve sensitive email metadata, with the issue carrying a CVSS 3.1 score of 8.8 reflecting high impact on confidentiality, integrity, and availability.

Zimbra's release notes for versions 10.0.12 and 10.1.4, along with the vendor's security advisories page, document the fixes applied to address this and related issues in the affected releases. The current EPSS score of 0.4776 with a peak of 0.4829 shows no material rise from a low baseline.

EU & UK References

Vulnerability details

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the…

more

request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in network-accessible ZimbraSync SOAP endpoint directly enables exploitation of public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-68645Same product: Synacor Zimbra Collaboration Suite
CVE-2025-66376Same product: Synacor Zimbra Collaboration Suite
CVE-2026-33373Same product: Synacor Zimbra Collaboration Suite
CVE-2025-27915Same product: Synacor Zimbra Collaboration Suite
CVE-2025-68461Same product class: email / collaboration
CVE-2026-39334Shared CWE-89
CVE-2024-13488Shared CWE-89
CVE-2026-20002Shared CWE-89
CVE-2025-1446Shared CWE-89
CVE-2025-22699Shared CWE-89

Affected Assets

synacor
zimbra collaboration suite
10.0.0 — 10.0.12 · 10.1.0 — 10.1.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the insufficient sanitization of user-supplied parameters in the SOAP endpoint by requiring validation to prevent SQL injection attacks.

prevent

Mandates timely flaw remediation through patching to upgraded Zimbra versions 10.0.12 or 10.1.4, eliminating the SQL injection vulnerability.

preventdetect

Boundary protection mechanisms like web application firewalls can inspect and block SQL injection payloads targeting the ZimbraSync SOAP endpoint.

References