CVE-2025-62763: 
Zimbra Collaboration Server vulnerability analysis and mitigation

Zimbra Collaboration (ZCS) before version 10.1.12 contains a Server-Side Request Forgery (SSRF) vulnerability due to misconfiguration in the chat proxy component. The vulnerability was disclosed on October 21, 2025, and affects all versions prior to 10.1.12. The issue received a CVSS v3.1 base score of 5.0 (Medium) (NVD).

The vulnerability is classified as CWE-918 (Server-Side Request Forgery) and has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, has changed scope, and can impact system integrity while having no effect on confidentiality or availability (NVD).

The SSRF vulnerability in the chat proxy configuration could allow attackers to make unauthorized requests to internal services through the Zimbra server. The impact is primarily limited to integrity with a low severity rating, as indicated by the CVSS metrics (NVD).

Zimbra has released version 10.1.12 to address this vulnerability. Organizations running affected versions should upgrade to version 10.1.12 immediately. After upgrading, administrators must reactivate the license to maintain synchronization by executing the command 'zmlicense -a' as the zimbra user (Zimbra Wiki).