High severity7.5NVD Advisory· Published Jul 9, 2025· Updated Apr 15, 2026

CVE-2025-53645

Description

Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wiki.zimbra.com/wiki/Security_Centernvd
wiki.zimbra.com/wiki/Zimbra_Releases/10.0.15nvd
wiki.zimbra.com/wiki/Zimbra_Releases/10.1.9nvd
wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P46nvd
wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policynvd
wiki.zimbra.com/wiki/Zimbra_Security_Advisoriesnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000