We're only some weeks from taking our new Carbonio system into production, now our Security Officer forwards us a mail from the Center for Cybersecurity Belgium with the message that our Zimbra system is found vulnerable to CVE-2025-48700. We currently run the 9.0.0_ZEXTRAS_20220713.FOSS build (and looking forward to take Carbonio into production). My question is whether this FOSS/Zextras build of Zimbra 9.0 is also vulnerable?
In previous similar sitations, e.g. in case of CVE-2024-45519, the Zimbra FOSS version was not affected, but I cannot find enough information about the CVE-2025-48700 and FOSS (Zextras) build to confirm/exclude for the current situtation. Can anyone help?
Thanks!
@cmbzextras
Hi,
Thank you for bringing this to our attention.
We will take a look at this and get back to you with our feedback.
Regards,