CVE-2025-53645
Last modified
CVE-2025-53645 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. EPSS estimates a 1.33% chance of exploitation in the next 30 days.
Description
Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-53645?
How severe is CVE-2025-53645?
How do I fix CVE-2025-53645?
Are you affected by CVE-2025-53645?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST