Home / Vulnerability Intelligence / CVE-2025-71275

CVE-2025-71275 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 25, 2026

Zimbra Collaboration Suite - Command Injection

Published: March 24, 2026Updated: March 25, 2026Remote Exploitable

Overview

Zimbra Collaboration Suite (ZCS) 8.8.15 contains a command injection caused by improper sanitization of the RCPT TO parameter in PostJournal service, letting unauthenticated attackers execute arbitrary system commands remotely.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary system commands remotely, potentially leading to full system compromise under the Zimbra service context.

Mitigation

Update to the latest version of Zimbra Collaboration Suite.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 24, 2026

🔴 CVE-2025-71275 - Critical (9.8) Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71275/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-71275
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: unconfirmed
EPSS: 0.0%
Social Posts: 1

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days