{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71275", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "REJECTED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-18T19:38:57.984Z", "datePublished": "2026-03-24T15:21:05.396Z", "dateUpdated": "2026-03-25T15:39:37.827Z", "dateRejected": "2026-03-25T15:39:37.827Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-25T15:39:37.827Z"}, "rejectedReasons": [{"lang": "en", "value": "This CVE was rejected due to being a duplicate of CVE-2024-45519.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This CVE was rejected due to being a duplicate of CVE-2024-45519."}]}], "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-71275", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T15:51:19.101238Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:51:23.780Z"}}], "cna": {"title": "Zimbra Collaboration Suite PostJournal 8.8.15 Unauthenticated Remote Code Execution via SMTP Injection", "credits": [{"lang": "en", "type": "finder", "value": "indoushka"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zimbra", "product": "Zimbra Collaboration Suite", "versions": [{"status": "affected", "version": "8.8.15", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-11-27T00:00:00.000Z", "references": [{"url": "https://packetstorm.news/files/id/212108/", "tags": ["exploit"]}, {"url": "https://www.zimbra.com/", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/zimbra-collaboration-suite-postjournal-unauthenticated-remote-code-execution-via-smtp-injection", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell expansion syntax through the RCPT TO parameter to achieve remote code execution under the Zimbra service context."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T15:37:22.847Z"}}}, "cveMetadata": {"cveId": "CVE-2025-71275", "state": "PUBLISHED", "dateUpdated": "2026-03-25T03:55:53.894Z", "dateReserved": "2026-03-18T19:38:57.984Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-24T15:21:05.396Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519."}], "id": "CVE-2025-71275", "lastModified": "2026-03-25T16:16:08.033", "metrics": {}, "published": "2026-03-24T16:16:27.593", "references": [], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Rejected"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.8.15"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Zimbra Collaboration Suite", "source": "cna", "vendor": "Zimbra"}, "product": "zimbra_collaboration_suite", "vendor": "zimbra"}], "analysis": {"en": {"generated_at": "2026-03-24T17:23:15.543669+00:00", "value": {"mitigation_remediation": ["Apply the latest Zimbra security update that addresses the PostJournal command injection flaw.", "Configure network firewalls or access controls to block unauthenticated SMTP connections from untrusted IP ranges.", "Inspect SMTP logs for anomalous RCPT\u00a0TO commands that include shell expansion characters.", "If a patch is not yet available, consider temporarily disabling the PostJournal service or applying a defense\u2011in\u2011depth rule to scrub RCPT\u00a0TO parameters before processing."], "summary": {"action": "Patch Immediately", "impact": "Unauthenticated Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerable component is the PostJournal service of Zimbra Collaboration Suite. Only the 8.8.15 release is listed as affected. Administrators should review any installations of ZCS that include this service version and verify whether the patch level is up to date.", "description_and_impact": "The Zimbra Collaboration Suite version 8.8.15 contains a command injection flaw that allows attackers to execute arbitrary system commands without authentication. The vulnerability is tied to improper sanitization of the RCPT\u00a0TO parameter during SMTP transactions, enabling shell expansion syntax to be injected. The weakness corresponds to CWE\u201178, which signifies a system command execution vulnerability. Under the Zimbra service context the attacker can run arbitrary code, potentially granting full control over the affected system.", "risk_and_exploitability": "The vulnerability scores a CVSS base of 9.3, indicating critical risk. No EPSS score is available, but the flaw allows unauthenticated remote code execution through SMTP, making it highly likely to be abused if an attacker can reach the server. Because it is not listed in CISA\u2019s KEV catalog, active exploitation may not yet be widespread, yet the lack of authentication requirement gives an attacker a very low barrier to exploitation. The attack vector is the SMTP interface; an attacker only needs to send a crafted RCPT\u00a0TO command, which the service does not properly validate."}}}}, "created": "2026-03-25T11:47:13.717668+00:00", "updated": "2026-03-25T20:49:58.227321+00:00", "vendors": ["zimbra", "zimbra$PRODUCT$zimbra_collaboration_suite"]}