Warning: Stored XSS vulnerability in Zimbra Collaboration web client, actively exploited, Patch Immediately!

Published: 07/10/2025

    * Last update: 07/10/2025
    * Affected products: Zimbra Collaboration web client v9.0, v10.0 and v10.1
    * Type: Stored cross-site scripting vulnerability
    * CVE/CVSS: CVE-2025-27915: CVSS 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Sources

Zimbra Wiki - https://wiki.zimbra.com/wiki/Security_Center
Zimbra Security Advisories - https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Risks

A user of the Zimbra Collaboration platform can have their browser information stolen when opening a malicious attachment; examples of such information include cookies, session tokens or account details. With this, the actor can compromise the targeted victim's e-mail account and perform unauthorized actions such as e-mail redirection and data exfiltration.

If exploited, this vulnerability has a low impact on confidentiality and integrity. OSINT sources confirm active exploitation of this vulnerability.

Description

An attacker can inject malicious JavaScript code into an ICS (iCalendar) file. The file is then attached to an e-mail; if the victim opens the ICS file in the Zimbra Collaboration web client, the malicious JavaScript code is executed. Executing malicious JavaScript code on the client side can expose cookies, sessions or any related account information.
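The detection and mitigation angle of the description above, as an added example that is not part of the CCB advisory or of Zimbra's code: an ICS attachment is a line-based text format (RFC 5545), and a mail gateway or SOC triage script can unfold its lines, pull out the free-text properties and flag any that carry HTML or script markup, while the rendering side HTML-escapes property values before they reach the DOM. The marker list and the sample ICS are constructed for this example and assume nothing about Zimbra's internal parser.

```python
import html
import re

# Markup that has no business in a calendar text property. Constructed for
# this example; tune the list for your own gateway or SIEM rule.
SUSPICIOUS = re.compile(
    r"<\s*script|javascript:|\bon[a-z]+\s*=|<\s*(iframe|img|svg|object|embed)",
    re.IGNORECASE,
)
# Free-text properties a web client is likely to render.
TEXT_PROPS = {"SUMMARY", "DESCRIPTION", "LOCATION", "COMMENT"}


def unfold(ics_text: str) -> list[str]:
    """Undo RFC 5545 line folding: a line starting with a space or tab continues
    the previous one. Folding can split a tag such as '<scr' / 'ipt>' across two
    physical lines, so scanning raw lines one by one would miss it."""
    lines: list[str] = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def ics_properties(ics_text: str) -> list[tuple[str, str]]:
    """Return (NAME, value) pairs, dropping parameters such as ';LANGUAGE=en'."""
    props = []
    for line in unfold(ics_text):
        if ":" not in line:
            continue
        name_and_params, value = line.split(":", 1)
        props.append((name_and_params.split(";", 1)[0].upper(), value))
    return props


def find_suspicious(ics_text: str) -> list[tuple[str, str]]:
    """Detection side: text properties whose value contains HTML/script markup."""
    return [(n, v) for n, v in ics_properties(ics_text)
            if n in TEXT_PROPS and SUSPICIOUS.search(v)]


def safe_render(value: str) -> str:
    """Mitigation side: escape a property value before inserting it into HTML."""
    return html.escape(value, quote=True)


# Constructed sample: a DESCRIPTION folded across two lines that hides a <script> tag.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Quarterly review\r\n"
    "DESCRIPTION;LANGUAGE=en:Agenda attached <scr\r\n ipt>probe()</script>\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)
```

Running `find_suspicious(SAMPLE_ICS)` returns the folded DESCRIPTION as a single hit, which a raw line scan would have missed.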

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

The Centre for Cybersecurity Belgium strongly recommends updating the Zimbra Collaboration platform to the latest version following the official security advisories page of Zimbra.

References

NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-27915