CVE-2025-71275

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-71275
Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

25 Mar 2026, 16:16

Type Values Removed Values Added
Summary (en) Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell expansion syntax through the RCPT TO parameter to achieve remote code execution under the Zimbra service context. (en) Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519.
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown
References
  • {'url': 'https://packetstorm.news/files/id/212108/', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.vulncheck.com/advisories/zimbra-collaboration-suite-postjournal-unauthenticated-remote-code-execution-via-smtp-injection', 'source': 'disclosure@vulncheck.com'}
  • {'url': 'https://www.zimbra.com/', 'source': 'disclosure@vulncheck.com'}
CWE CWE-78

24 Mar 2026, 16:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-24 16:16

Updated : 2026-03-25 16:16

NVD link : CVE-2025-71275

Mitre link : CVE-2025-71275

CVE.ORG link : CVE-2025-71275

JSON object : View

Products Affected

No product.

CWE

No CWE.