NVD - CVE-2025-54390
Change History
4 change records found
CVE Modified by CISA-ADP 6/17/2026 5:40:00 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | | {"timestamp":"2025-09-17T15:01:11.927483Z","id":"CVE-2025-54390","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/17/2026 5:40:00 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}] |
CVE Modified by CISA-ADP 9/17/2025 11:15:43 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
| Added | CWE | | CWE-352 |
New CVE Received from MITRE 9/17/2025 11:15:43 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated user into visiting a malicious webpage that silently sends a crafted SOAP request to reset the user's password. The vulnerability stems from a lack of CSRF token validation on the endpoint, allowing password resets without the user's consent. |
| Added | Reference | | https://wiki.zimbra.com/wiki/Security_Center |
| Added | Reference | | https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy |
| Added | Reference | | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories |