WARNING: CRITICAL AND MEDIUM VULNERABILITIES IN ZIMBRASYNCSERVICE IN ZIMBRA COLLABORATION, PATCH IMMEDIATELY!

Published: 12/02/2025

Reference:
Advisory #2025-30

Version:
1.0

Affected software:
ZimbraSyncService SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12
ZimbraSyncService SOAP endpoint in Zimbra Collaboration 10.1.x before 10.1.4

Type:
Remote Code Execution

CVE/CVSS:
CVE-2025-25064: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://nvd.nist.gov/vuln/detail/CVE-2025-25064

Risks

On February 3, 2025, the NVD (National Vulnerability Database) published an entry for a vulnerability in the ZimbraSync Service SOAP endpoint of Zimbra Collaboration.
Zimbra Collaboration Suite is a platform for web, calendar, and collaboration services, enabling users to sync emails, calendars, contacts, and tasks across multiple devices and integrate with third-party applications.

Exploiting CVE-2025-25064 allows attackers to access sensitive email metadata, compromising user privacy and potentially the entire email system.
CVE-2025-25064 impacts the confidentiality, integrity, and availability of vulnerable systems.

Description

CVE-2025-25064 allows an authenticated remote attacker to execute arbitrary SQL commands on the affected Zimbra Collaboration server. By manipulating a specific request parameter of the SOAP endpoint, the attacker can inject arbitrary SQL queries and potentially retrieve email metadata.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect

The CCB recommends that organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
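To work out which hosts in an inventory fall inside the affected ranges listed above, here is an added example (not code from the CCB or from Zimbra). It assumes versions are given either as a plain dotted triple or in the release string that `zmcontrol -v` prints; the inventory below is constructed.

```python
import re

# Affected ranges from this advisory: (major, minor) branch -> first fixed version.
# 10.0.x before 10.0.12 and 10.1.x before 10.1.4 are affected.
FIXED_IN = {
    (10, 0): (10, 0, 12),
    (10, 1): (10, 1, 4),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a Zimbra version string, or None.

    Accepts '10.0.11' as well as the longer zmcontrol-style release string
    (assumed format, e.g. 'Release 10.0.11.GA.4700.UBUNTU22_64 NETWORK edition').
    """
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """'affected', 'patched' or 'unlisted' for one version string.

    Only the 10.0.x and 10.1.x branches are named in the advisory; any other
    branch is reported as 'unlisted' rather than guessed at.
    """
    v = parse_version(text)
    if v is None:
        raise ValueError(f"no version found in {text!r}")
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return "unlisted"
    return "affected" if v < fixed else "patched"


def triage(inventory):
    """Map hostname -> classification for a {host: version_string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mail-a.example.test": "Release 10.0.11.GA.4700.UBUNTU22_64 NETWORK edition",
    "mail-b.example.test": "10.0.12",
    "mail-c.example.test": "10.1.3",
    "mail-d.example.test": "10.1.4",
    "mail-e.example.test": "9.0.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```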
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.