HTTP: Zimbra Collaboration CancelPendingAccountOnlyRemoteWipe SQL Injection
This signature detects attempts to exploit a known vulnerability against Zimbra Collaboration. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata.
Affected Products
Synacor zimbra_collaboration_suite
References
CVE: CVE-2025-25064
URL: https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes
Short Name
HTTP:SQL:INJ:ZMBR-CLLB-SQL-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2025-25064 CancelPendingAccountOnlyRemoteWipe Collaboration Injection SQL Zimbra
Release Date
03/11/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3816
False Positive
Unknown
Vendors
Synacor