CVE-2025-32354 Zimbra Collaboration Suite Webmail graphql cross-site request forgery

April 30, 2025

… GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform …