Unrated severity · NVD Advisory · Published Apr 29, 2025 · Updated May 6, 2025
CVE-2025-32354
Description
In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website.
Affected products
- (no CPE)
- (no CPE), range: >=9.0 <=10.1