Zimbra News Articles

Recent news articles referencing the vendor's vulnerabilities.

Zimbra ZCS Flaw CVE-2025-27915 Actively Exploited

CISA alerts on CVE-2025-27915 in Zimbra ZCS Classic Web Client, a zero-day XSS flaw actively exploited to hijack user sessions and steal sensitive data.

CISA Warns of Zimbra Collaboration Suite Zero-Day XSS Exploited in Active Attacks

The flaw allows attackers to hijack user sessions, steal sensitive data, and manipulate email filters without requiring elevated privileges.

CISA adds Zimbra Collaboration Suite bug to known exploited vulnerability catalogue

CVE-2025-27915 was used earlier this year to target the Brazilian military in a data theft attempt.

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

Zimbra users targeted in zero-day exploit using iCalendar attachments

Threat actors exploited a Zimbra zero-day via malicious iCalendar (.ICS) files used to deliver attacks through calendar attachments.

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

Zimbra patched a CVE-2025-27915 XSS flaw exploited in attacks targeting Brazil’s military via ICS files.

Zimbra Security Updates Fix a Critical SQL Injection Vulnerability

Zimbra has released updates that fix vulnerabilities in its products. One of the vulnerabilities is critical, at a CVSS rating of 9.8, the other is of medium

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Zimbra has patched CVE-2025-25064, a critical SQL injection flaw (CVSS 9.8), and other security bugs. Update now to protect against exploits.

Critical Zimbra Vulnerabilities Let Attackers Unauthorized Access to Internal Resources

Zimbra Collaboration, a popular open-source email and collaboration software, was recently discovered to include critical vulnerabilities.

Zimbra email platform under active attack, RCE possible

If properly executed, the exploit would allow an attacker to obtain remote code execution on the target server.

Vulnerability Recap 10/7/24: Apple, DrayTek, Ivanti, Okta

This week’s security issues include DrayTek router vulnerabilities, a strain of malware threatening Linux systems, and a notice from Okta.

Zimbra, Security Vulnerability CVE-2024-45519 May Allow Unauthenticated User to Execute Commands - ZAM

On October 3, 2024, CISA published an advisory regarding active exploitation of CVE-2024-45519 affecting Synacor Zimbra Collaboration.

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks.

Zimbra bug causes alarm among researchers, CERTs after exploitation attempts

Zimbra has issued a patch for a critical vulnerability tracked as CVE-2024-45519, but experts are warning the bug has been exploited by malicious hackers.

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be

CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability

CISA has issued an urgent alert regarding the active exploitation of critical vulnerabilities in Synacor's Zimbra and Ivanti's EPM

Critical Zimbra RCE flaw exploited to backdoor servers using emails

Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server.

Zimbra Remote Command Execution Vulnerability (CVE-2024-45519) - Exploit POC Released

Zimbra is a comprehensive messaging and collaboration platform that integrates email, calendaring, contacts, tasks, and document

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) - Help Net Security

Attackers are exploiting CVE-2024-45519, a Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations.

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Urgent patching is needed for Zimbra Collaboration as attackers exploit CVE-2024-45519 to execute commands.

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor's Zimbra Collaboration.

Critical Zimbra Vulnerability Exploited One Day After PoC Release

A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers.

Zimbra RCE Vuln Under Attack Needs Immediate Patching

The bug gives attackers a way to run arbitrary code on affected servers and take control of them.

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) - Help Net Security

A critical XSS vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers.
