What this page does
This page let's you test if your Zimbra is affected by CVE 2025 54390.
It is aimed at admins.
Instructions:
- Create a new user with a new password.
- Make sure that FeatureResetPasswordStatus is turned on in the user
- Log in with that account.
- Once on the account webmail send an email to its own email address with a link to this webpage.
- Search the email in the box.
- Click on the webpage from the email.
- Fill Zimbra host as expected
- Fill Zimbra password. Make sure to follow the minimal password rules on your system (Number of digits, special symbols, ...)
- and click the CVE 2025 54390 - CSRF Demo button.
- Expected: Next time you will be able to login with your specified password.