Zimbra Collaboration, an open-source software suite for collaboration, is utilized by over 5,000 companies and public sector users in more than 140 countries. However, Google TAG discovered a 0-day exploit in June 2023 that targeted Zimbra Collaboration (CVE-2023-37580). Four distinct groups exploited this bug, stealing email data, user credentials, and authentication tokens. The vulnerability, known as Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability, has a base score of 6.1 and a medium severity level. Most of the hacking activity occurred after the initial fix was made public on GitHub. To stay protected, it is recommended to keep software up-to-date and apply security updates promptly. Zimbra released a hotfix on July 5, 2023, and provided an advisory on July 13, 2023. Researchers also identified three threat groups exploiting the vulnerability before the official patch, with a fourth campaign emerging after the fix. The urgency for mail server fixes is underscored by the discovery of these campaigns. Regular XSS exploits highlight the importance of conducting rigorous mail server code audits.
Related Posts
Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively…
Researchers have uncovered a sophisticated attack campaign targeting Ivanti Cloud Services Appliance (CSA) users. Nation-state actors are exploiting multiple zero-day…
New identical Windows Theme Zero-Day Vulnerability Let Attackers Steal Credentials vulnerability that might allow attackers to obtain NTLM credentials of…