
Zimbra Collaboration GraphQL Flaw Lets Hackers Steal User Information


A severe Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1 has put email servers and user data at risk of exploitation.

Tracked as CVE-2025-32354, the flaw allows attackers to hijack authenticated sessions and steal sensitive information, including passwords, contacts, and email content.

The flaw resides in Zimbra’s GraphQL endpoint (/service/extension/graphql), which lacks CSRF token validation.

Attackers can craft malicious websites or links that trigger unauthorized GraphQL operations when visited by a logged-in Zimbra user. This enables threat actors to:

  • Modify or export a victim’s contact list.
  • Change account settings (e.g., passwords, auto-forwarding rules).
  • Access emails, calendars, and file-sharing permissions.
  • Potentially escalate privileges to compromise entire domains.

Unlike traditional CSRF attacks, this exploit leverages GraphQL’s flexible query structure to bypass standard security checks.
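A defender-side check for the behaviour described above, added here as an example and not code from Zimbra or the original article: it scans web access logs for requests to the GraphQL endpoint whose Referer points at another site. The combined log format, the hostname mail.example.test and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GRAPHQL_PATH = "/service/extension/graphql"  # endpoint named in the article
MAIL_HOSTS = {"mail.example.test"}  # assumption: your Zimbra web hostname(s)

# Assumed combined log format:
# ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line):
    """Return None for unrelated lines, else (verdict, ip, method, referer)."""
    m = LINE_RE.match(line)
    if not m or urlsplit(m["path"]).path.rstrip("/") != GRAPHQL_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Referer can be stripped by Referrer-Policy, so this is inconclusive.
        verdict = "no-referer"
    else:
        # Exact host match: a lookalike such as mail.example.test.<other> fails.
        host = (urlsplit(referer).hostname or "").lower()
        verdict = "same-site" if host in MAIL_HOSTS else "cross-site"
    return (verdict, m["ip"], m["method"], referer)

def cross_site_hits(lines):
    """Requests to the GraphQL endpoint that were initiated from another site."""
    return [hit for hit in map(classify, lines) if hit and hit[0] == "cross-site"]

# Constructed sample log lines (documentation-range IPs, reserved test domains).
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "POST /service/extension/graphql HTTP/1.1" 200 512 "https://mail.example.test/" "Mozilla/5.0"',
    '203.0.113.11 - - [01/Jan/2025:10:01:00 +0000] "POST /service/extension/graphql HTTP/1.1" 200 498 "https://mail.example.test.lookalike.invalid/page" "Mozilla/5.0"',
    '203.0.113.12 - - [01/Jan/2025:10:02:00 +0000] "POST /service/extension/graphql HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.13 - - [01/Jan/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 900 "https://other.example.invalid/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in cross_site_hits(SAMPLE_LOG):
        print(hit)
```

Cross-site hits are leads for review rather than proof of compromise, and requests with no Referer need a second signal before they can be ruled in or out.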

Impact and Exploit Risks

Zimbra Collaboration, used by over 200,000 organizations globally, is ...


Copyright of this story solely belongs to gbhackers.