QwikSec

Security Database

CVE

CWE

Training

CVE-2025-53645

Published: Jul 9, 2025

Modified: Jul 22, 2025

PUBLISHED

Description

Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

https://wiki.zimbra.com/wiki/Security_Center

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.9#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.15#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P46#Security_Fixes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.