Security advisory: Critical Zimbra vulnerability allows hackers to attack via a single email
- Thảo Nguyên

- 2 days ago
- 2 min read
Zimbra has issued an urgent advisory urging users to promptly update their software to patch a critical security vulnerability. The flaw affects the Classic Web Client and could allow threat actors to gain full control of user accounts.
How the vulnerability works and its severity
The vulnerability, which has not yet been assigned a CVE identifier, is classified as a stored cross-site scripting (XSS) flaw.

In simple terms, an XSS vulnerability occurs when a system fails to properly sanitize or validate special characters in user input, allowing attackers to inject malicious JavaScript code into a victim's browser. In a "stored" XSS attack, this malicious code is permanently stored on the target server as seemingly harmless data.
Consequently, as soon as a user opens a specially crafted email from an attacker, the malicious code automatically executes directly within their web browser. Successful exploitation allows threat actors to:
Spy on information within the personal mailbox.
Steal session data (session hijacking).
Steal credentials and modify account settings.
Zimbra - A Preferred Target for Cyberattacks
While Zimbra has not yet observed any real-world exploits targeting this new vulnerability, similar flaws on the platform have long been a prime target for cybercriminals. Exploitations targeting Zimbra's XSS vulnerabilities date back to December 2021.
Notably, in October last year, a similar flaw tracked as CVE-2025-27915 (with a CVSS severity score of 5.4) affecting the Classic Web Client was reportedly exploited as a zero-day vulnerability to target the Brazilian military. At the time, however, Zimbra stated to the news outlet The Hacker News that they found no concrete evidence to support these attack claims.
Prior to this, other XSS vulnerabilities in the system, such as CVE-2023-37580 and CVE-2024-27443, had also been actively exploited by threat actors.
What users need to do to protect themselves
Given the significant information security risks mentioned above, experts recommend that users and system administrators proactively mitigate the risk of exploitation.
The current optimal solution: To ensure maximum data protection, users are strongly advised to update their systems to Zimbra Collaboration Suite 10.1.19 as soon as possible.
Timely software upgrades remain an effective shield against cybersecurity threats. Check your current Zimbra version immediately to ensure your mailbox is fully protected from malicious actors.











Comments