NVD - CVE-2025-54391 (original) (raw)
Change History
4 change records found show changes
CVE Modified by CISA-ADP 6/17/2026 5:40:00 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | {"timestamp":"2025-09-17T13:56:23.741136Z","id":"CVE-2025-54391","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by MITRE 6/17/2026 5:40:00 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | [{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}] |
CVE Modified by CISA-ADP 9/17/2025 10:15:39 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | |
| Added | CWE | CWE-284 |
New CVE Received from MITRE 9/16/2025 5:15:33 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method (either a third-party authenticator app or email-based 2FA) without presenting a valid authentication token or proving access to an already configured 2FA method. This bypasses 2FA and results in unauthorized access to accounts that are otherwise protected by 2FA. | |
| Added | Reference | https://wiki.zimbra.com/wiki/Security\_Center | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Responsible\_Disclosure\_Policy | |
| Added | Reference | https://wiki.zimbra.com/wiki/Zimbra\_Security\_Advisories |