top of page

Security advisory: Critical Zimbra vulnerability allows hackers to attack via a single email

Zimbra has issued an urgent advisory urging users to promptly update their software to patch a critical security vulnerability. The flaw affects the Classic Web Client and could allow threat actors to gain full control of user accounts.

How the vulnerability works and its severity

The vulnerability, which has not yet been assigned a CVE identifier, is classified as a stored cross-site scripting (XSS) flaw.

This vulnerability has not yet been assigned a CVE identifier
This vulnerability has not yet been assigned a CVE identifier

In simple terms, an XSS vulnerability occurs when a system fails to properly sanitize or validate special characters in user input, allowing attackers to inject malicious JavaScript code into a victim's browser. In a "stored" XSS attack, this malicious code is permanently stored on the target server as seemingly harmless data.

Consequently, as soon as a user opens a specially crafted email from an attacker, the malicious code automatically executes directly within their web browser. Successful exploitation allows threat actors to:

  • Spy on information within the personal mailbox.

  • Steal session data (session hijacking).

  • Steal credentials and modify account settings.

Zimbra - A Preferred Target for Cyberattacks

While Zimbra has not yet observed any real-world exploits targeting this new vulnerability, similar flaws on the platform have long been a prime target for cybercriminals. Exploitations targeting Zimbra's XSS vulnerabilities date back to December 2021.

Notably, in October last year, a similar flaw tracked as CVE-2025-27915 (with a CVSS severity score of 5.4) affecting the Classic Web Client was reportedly exploited as a zero-day vulnerability to target the Brazilian military. At the time, however, Zimbra stated to the news outlet The Hacker News that they found no concrete evidence to support these attack claims.

Prior to this, other XSS vulnerabilities in the system, such as CVE-2023-37580 and CVE-2024-27443, had also been actively exploited by threat actors.

What users need to do to protect themselves

Given the significant information security risks mentioned above, experts recommend that users and system administrators proactively mitigate the risk of exploitation.

The current optimal solution: To ensure maximum data protection, users are strongly advised to update their systems to Zimbra Collaboration Suite 10.1.19 as soon as possible.

Timely software upgrades remain an effective shield against cybersecurity threats. Check your current Zimbra version immediately to ensure your mailbox is fully protected from malicious actors.

Comments


follow ipsip vietnam.png
40051abd5a76713af8f015988fc6780e-blue-phone-icon-with-a-wave-on-it.webp
whatsapp-mobile-software-icon-png-image_6315991.png
pngtree-minimal-calendar-icon-vector-png-image_21233134.png
IPSIP logo transparent.png

IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

Tax code: 0313859600

🏢 SH05.01, B4 Street, Saritown Area, An Khanh Ward, Ho Chi Minh City, Vietnam

​☎  +84 918 397 489

  • Linkedin
  • Facebook
  • TikTok
  • Email liên hệ
png-clipart-iso-iec-27001-information-security-management-iso-iec-27002-international-orga
soc 2 type ii

Our Services

Sign up to receive in-depth cybersecurity documents and news from IPSIP Vietnam.

bottom of page