From Cyber Security News – Zimbra Collaboration Server GraphQL Vulnerability Exposes Sensitive User Data

A critical Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Server (ZCS) versions 9.0 through 10.1, tracked as CVE-2025-32354, allows attackers to execute unauthorized GraphQL operations and access sensitive user data. The flaw resides in the GraphQL endpoint (/service/extension/graphql) of Zimbra’s webmail interface, where improper CSRF token validation enables malicious actors to manipulate authenticated users into triggering