About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability

Zimbra Collaboration is a collaboration software suite, broadly comparable to Microsoft Exchange. CVE-2025-27915 is a stored cross-site scripting vulnerability in its web mail client (Classic Web Client): exploiting it lets an unauthenticated attacker execute arbitrary JavaScript in the context of the victim's session. The attacker only needs to send the victim an email carrying a specially crafted ICS (iCalendar) file; the payload fires as soon as the message is viewed in the web interface, so the victim does not have to click anything.
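Since the trigger is an ICS attachment whose text ends up rendered by the web client, a practical triage step for a mail gateway or incident responder is to unfold the iCalendar properties and flag any that carry HTML markup, event-handler attributes or javascript: URLs. The script below is an added example written for this post; it is not code from Zimbra or from StrikeReady Labs, and the sample invitation it scans is constructed here with a generic XSS probe, not the payload seen in the wild. It handles RFC 5545 line folding and quoted parameter values, two details that make a naive per-line grep miss payloads.

```python
"""Heuristic scanner for HTML/JavaScript content inside .ics attachments.

Added example for this post (not Zimbra or StrikeReady Labs code).
The sample invitations below are constructed; the marker <img ... onerror=...>
is a generic XSS probe used only to exercise the detector.
"""
import re

# Patterns a calendar property value should never need to contain.
SUSPICIOUS = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
]


def unfold(ics: str) -> list[str]:
    """Join RFC 5545 folded lines (continuations start with a space or tab).

    Folding lets an attacker split 'onerror=' across two physical lines, so
    the content must be unfolded before any pattern matching.
    """
    lines: list[str] = []
    for raw in ics.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def split_property(line: str):
    """Split 'NAME;PARAM="a:b":value' at the first colon outside quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i], line[i + 1:]
    return None


def unescape_text(value: str) -> str:
    """Undo RFC 5545 TEXT escaping so patterns see what the client renders."""
    return (value.replace("\\n", "\n").replace("\\N", "\n")
                 .replace("\\,", ",").replace("\\;", ";").replace("\\\\", "\\"))


def find_suspicious_properties(ics: str) -> list[tuple[str, str]]:
    """Return (PROPERTY, finding) pairs for every property value with markup."""
    findings = []
    for line in unfold(ics):
        parts = split_property(line)
        if parts is None:
            continue
        name_params, value = parts
        name = name_params.split(";", 1)[0].upper()
        value = unescape_text(value)
        for label, rx in SUSPICIOUS:
            if rx.search(value):
                findings.append((name, label))
    return findings


# Constructed sample: the probe tag is folded across two lines on purpose.
MALICIOUS_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "PRODID:-//constructed sample//EN",
    "BEGIN:VEVENT",
    "UID:sample-1@example.invalid",
    "DTSTART:20250120T090000Z",
    "SUMMARY:Quarterly review",
    "DESCRIPTION:Please confirm <img src=x on",
    " error=\"alert(1)\"> by Friday.",
    "ATTENDEE;CN=\"Ops: Team\":mailto:ops@example.invalid",
    "END:VEVENT",
    "END:VCALENDAR",
])

# Constructed benign sample for comparison.
CLEAN_ICS = MALICIOUS_ICS.replace(
    "DESCRIPTION:Please confirm <img src=x on\r\n error=\"alert(1)\"> by Friday.",
    "DESCRIPTION:Please confirm by Friday.")


if __name__ == "__main__":
    for label, ics in (("malicious", MALICIOUS_ICS), ("clean", CLEAN_ICS)):
        print(label, find_suspicious_properties(ics))
```

This is a triage heuristic, not a sanitizer: entity-encoded or otherwise obfuscated markup can evade the regexes, so the durable fix is the vendor patch plus a client that never renders calendar property text as HTML. The detector is still useful for sweeping mail stores for invitations received before the patch was applied.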

⚙️ The vulnerability was patched on January 27, 2025 in versions 9.0.0 Patch 44, 10.0.13 and 10.1.5, as well as in the unofficial free Zimbra FOSS build maintained by Maldua.

🛠 On September 30, StrikeReady Labs published an analysis of the vulnerability together with a public exploit.

👾 StrikeReady Labs reported that the vulnerability had been exploited in attacks on Brazil's military in January, before the patch was released, i.e. as a zero-day. The vulnerability was added to CISA KEV on October 7.

In Russian