Skip to main content

Zimbra Collaboration Suite CVE-2025-71275

| EUVDEUVD-2025-208960 CRITICAL
Command Injection (CWE-77)
2026-03-24 VulnCheck GHSA-4cgv-84wm-gp2c
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Mar 25, 2026 - 16:16 vuln.today
Public exploit code
EUVD ID Assigned
Mar 24, 2026 - 15:45 euvd
EUVD-2025-208960
Analysis Generated
Mar 24, 2026 - 15:45 vuln.today
CVE Published
Mar 24, 2026 - 15:21 nvd
CRITICAL 9.3

DescriptionCVE.org

A critical security vulnerability exists in Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 that allows unauthenticated attackers to execute arbitrary system commands via SMTP injection. The vulnerability is triggered through improper sanitization of the RCPT TO parameter, enabling command injection using shell expansion syntax (e.g., $(COMMAND)). Successful exploitation results in remote code execution under the Zimbra service context without requiring authentication.

AnalysisAI

A critical unauthenticated remote code execution vulnerability exists in Zimbra Collaboration Suite PostJournal service version 8.8.15, allowing attackers to execute arbitrary system commands via SMTP injection through improper sanitization of the RCPT TO parameter using shell expansion syntax. A publicly available proof-of-concept exploit exists (PacketStorm), significantly increasing exploitation risk. With a CVSS score of 9.8 and network-accessible attack vector requiring no authentication or user interaction, this represents an immediate threat to exposed Zimbra installations.

Technical ContextAI

The vulnerability affects the PostJournal service component of Zimbra Collaboration Suite (CPE: cpe:2.3:a:zimbra:zimbra_collaboration_suite), a widely-deployed enterprise email and collaboration platform. The root cause is CWE-77 (Command Injection), specifically through improper neutralization of special elements used in OS commands within the SMTP protocol handler. The RCPT TO parameter, which normally specifies email recipients, fails to sanitize shell metacharacters such as $() command substitution syntax. When processing SMTP transactions, the service passes unsanitized user input directly to system command execution contexts, allowing attackers to inject arbitrary commands that execute with Zimbra service privileges. This affects the core mail routing infrastructure where SMTP commands are processed before authentication occurs.

RemediationAI

Organizations running Zimbra Collaboration Suite 8.8.15 should immediately consult the VulnCheck advisory at https://www.vulncheck.com/advisories/zimbra-collaboration-suite-postjournal-unauthenticated-remote-code-execution-via-smtp-injection and Zimbra's official communications at https://www.zimbra.com/ for patch availability and upgrade instructions to a remediated version. Until patching is completed, implement compensating controls including restricting SMTP access to the PostJournal service through firewall rules allowing only trusted mail relay IP addresses, deploying an SMTP proxy or gateway with input validation to filter malicious RCPT TO parameters containing shell metacharacters, and monitoring SMTP logs for command injection attempts (specifically $() syntax in recipient fields). Given the critical nature and public exploit availability, emergency patching should be prioritized over typical change management windows.

CVE-2013-7091 MEDIUM POC
5.0 Dec 13

Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim

CVE-2025-27915 MEDIUM POC
5.4 Mar 12

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. Rated medium severity (CVSS 5.4), this vuln

CVE-2025-66376 HIGH
7.2 Jan 05

Zimbra Collaboration Suite (ZCS) 10.x contains a stored XSS vulnerability in the Classic UI that allows attackers to exe

CVE-2022-41352 CRITICAL POC
9.8 Sep 26

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2022-37042 CRITICAL POC
9.8 Aug 12

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts fi

CVE-2022-3569 HIGH POC
7.8 Oct 17

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalat

CVE-2019-9621 HIGH POC
7.5 Apr 30

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b

CVE-2022-27925 HIGH POC
7.2 Apr 21

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts file

CVE-2024-45519 CRITICAL POC
9.8 Oct 02

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9,

CVE-2020-7796 CRITICAL POC
9.8 Feb 18

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enab

CVE-2023-34192 CRITICAL POC
9.0 Jul 06

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary co

CVE-2016-3403 HIGH POC
8.8 May 17

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Pat

Share

CVE-2025-71275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy