CVE-2025-54390

A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated user into visiting a malicious webpage that silently sends a crafted SOAP request to reset the user's password. The vulnerability stems from a lack of CSRF token validation on the endpoint, allowing password resets without the user's consent.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Configurations

No configuration.

History

No history.

Information

Published : 2025-09-17 15:15

Updated : 2025-09-18 13:43

NVD link : CVE-2025-54390

Mitre link : CVE-2025-54390

CVE.ORG link : CVE-2025-54390

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-54390", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2025-09-17T15:15:43.267", "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center", "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated user into visiting a malicious webpage that silently sends a crafted SOAP request to reset the user's password. The vulnerability stems from a lack of CSRF token validation on the endpoint, allowing password resets without the user's consent."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) existe en la operaci\u00f3n ResetPasswordRequest de Zimbra Collaboration (ZCS) cuando el atributo zimbraFeatureResetPasswordStatus est\u00e1 habilitado. Un atacante puede explotar esto enga\u00f1ando a un usuario autenticado para que visite una p\u00e1gina web maliciosa que env\u00eda silenciosamente una petici\u00f3n SOAP manipulada para restablecer la contrase\u00f1a del usuario. La vulnerabilidad se deriva de una falta de validaci\u00f3n del token CSRF en el endpoint, permitiendo restablecimientos de contrase\u00f1a sin el consentimiento del usuario."}], "lastModified": "2025-09-18T13:43:34.310", "sourceIdentifier": "cve@mitre.org"}