A severe Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1 has put email servers and user data at risk of exploitation. Tracked as CVE-2025-32354, the flaw allows attackers to hijack authenticated sessions and steal sensitive information, including passwords, contacts, and email content. The flaw resides in Zimbra’s GraphQL endpoint (/service/extension/graphql), […]

The post Zimbra Collaboration GraphQL Flaw Lets Hackers Steal User Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/zimbra-collaboration-graphql-flaw/