CVE-2025-71275 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: March 24, 2026
Zimbra Collaboration Suite - Command Injection
Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable
Overview
Zimbra Collaboration Suite (ZCS) 8.8.15 contains a command injection vulnerability caused by improper sanitization of the RCPT TO parameter in the PostJournal service, which lets unauthenticated attackers execute arbitrary system commands remotely.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can execute arbitrary system commands remotely, potentially leading to full system compromise under the Zimbra service context.
Mitigation
Update to the latest version of Zimbra Collaboration Suite.
Details
- CVE ID: CVE-2025-71275
- Severity: Critical
- CVSS Score: 9.8
- Type: command_injection
- Status: new
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H