Zimbra Zero-Day Vulnerability Exploited Against Brazilian Military

Source: The Hacker News

The security vulnerability in Zimbra Collaboration is a stored cross-site scripting (XSS) flaw in the Classic Web Client. It arises from insufficient sanitization of HTML content in ICS calendar files, which allows attackers to inject malicious scripts. It was actively exploited in cyber attacks early this year, with the Brazilian military as a known target.

This vulnerability, tracked as CVE-2025-27915 and scoring 5.4 on the CVSS scale, posed significant risks by potentially allowing attackers to execute arbitrary scripts in the context of the victim’s browser. Such attacks can lead to data theft, session hijacking, or privilege escalation. The exploitation of this zero-day highlights the ongoing challenge of securing collaboration platforms that handle diverse content types such as calendar files.

Following detection, Zimbra issued a patch to remediate the vulnerability. However, the incident underscores the importance of timely updates to avoid lingering risks, especially for sensitive organizations like military entities. It also reflects the evolving threat landscape where attackers target overlooked attack surfaces in widely used software.
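
As an added example (not from the original article and not Zimbra's code), here is a gateway-side check for the flaw class described above: it unfolds and unescapes ICS content per RFC 5545, then flags property values that carry script-capable HTML. The marker list, the function names and both sample events are assumptions constructed for illustration.

```python
import re

# Assumed heuristic markers of script-capable HTML (not Zimbra's sanitizer rules).
ACTIVE_HTML = re.compile(
    r"<\s*(?:script|iframe|object|embed)\b"   # inherently active elements
    r"|<[^>]*\son[a-z]+\s*="                  # inline event-handler attribute in a tag
    r"|javascript\s*:",                       # script URL scheme
    re.IGNORECASE,
)

def unfold(ics_text):
    """RFC 5545 3.1: a line break followed by one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)

def split_content_line(line):
    """Split 'NAME;params:value' at the first colon outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";", 1)[0].upper(), line[i + 1:]
    return None, None

def unescape_text(value):
    """Undo RFC 5545 TEXT backslash escapes before matching."""
    return re.sub(r"\\([\\;,nN])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def scan_ics(ics_text):
    """Return [(property, matched_marker)] for values carrying active HTML."""
    findings = []
    for line in unfold(ics_text).splitlines():
        name, value = split_content_line(line)
        if name is None:
            continue
        match = ACTIVE_HTML.search(unescape_text(value))
        if match:
            findings.append((name, match.group(0).lower()))
    return findings

# Constructed samples: inert marker strings only, with one folded line.
BENIGN = "BEGIN:VEVENT\r\nSUMMARY:Sync\r\nDESCRIPTION:Agenda at <b>10:00</b>\r\nEND:VEVENT\r\n"
SUSPECT = ("BEGIN:VEVENT\r\nSUMMARY:Sync\r\n"
           "X-ALT-DESC;FMTTYPE=text/html:<p>Agenda</p><scr\r\n ipt>/* placeholder */</script>\r\n"
           "END:VEVENT\r\n")

if __name__ == "__main__":
    print(scan_ics(BENIGN), scan_ics(SUSPECT))
```

A match is a triage signal for quarantine or review, not proof of exploitation; matching the raw file without unfolding would miss the folded line in the second sample.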

👉 Read the original: The Hacker News