We're only some weeks from taking our new Carbonio system into production, and now our Security Officer has forwarded us a mail from the Center for Cybersecurity Belgium with the message that our Zimbra system was found vulnerable to CVE-2025-48700. We currently run the 9.0.0_ZEXTRAS_20220713.FOSS build (and are looking forward to taking Carbonio into production). My question is whether this FOSS/Zextras build of Zimbra 9.0 is also vulnerable?
In previous similar situations, e.g. in the case of CVE-2024-45519, the Zimbra FOSS version was not affected, but I cannot find enough information about CVE-2025-48700 and the FOSS (Zextras) build to confirm/exclude this for the current situation. Can anyone help?
Thanks!
@cmbzextras
Hi,
Thank you for bringing this to our attention.
We will take a look at this and get back to you with our feedback.
Regards,
Hi,
Thanks for your understanding.
The Zimbra 9.0 build that Zextras used to provide is no longer available, and it is no longer offered/maintained through any of our official channels. For that reason, our recommendation is to move to Carbonio or Carbonio CE, our actively maintained products that we keep current with ongoing updates.
You can plan the migration on the schedule that works best for you, and whenever you are ready we are glad to point you to the migration resources and help with any questions along the way.
Regards,
