top of page
perceptive_background_267k.jpg

Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute …

Published:

23 maart 2026 om 23:00:00

Alert date:

24 maart 2026 om 17:03:37

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications, Email & Messaging

Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a critical command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands. The vulnerability stems from improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can exploit this by injecting shell expansion syntax through the RCPT TO parameter to achieve remote code execution under the Zimbra service context. This vulnerability poses a high risk as it requires no authentication and allows full system command execution.

Technical details

Mitigation steps:

Affected products:

Zimbra Collaboration Suite (ZCS) PostJournal service

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-71275
https://packetstorm.news/files/id/212108/
https://www.vulncheck.com/advisories/zimbra-collaboration-suite-postjournal-unauthenticated-remote-code-execution-via-smtp-injection
https://www.zimbra.com/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page