Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

A zero-day vulnerability (CVE-2025-27915) in Zimbra Collaboration was exploited in cyber attacks targeting the Brazilian military. Threat actors used malicious ICS files to execute JavaScript for credential theft, email redirection, and data exfiltration. #Zimbra #XSSVulnerability

Keypoints

  • The security flaw CVE-2025-27915 involves stored cross-site scripting in Zimbra’s Classic Web Client.
  • Exploited in the wild by threat actors spoofing the Libyan Navy to target the Brazilian military.
  • The malicious ICS files contained JavaScript designed for data theft and email forwarding.
  • Zimbra released patches in January 2025 to fix the vulnerability; at the time, no evidence of widespread exploitation was reported.
  • Multiple threat groups, including APT28, Winter Vivern, and UNC1151, have previously exploited webmail XSS vulnerabilities.
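The keypoints describe ICS calendar attachments carrying JavaScript that a vulnerable webmail client renders. As an added example (not code from the article, Zimbra, or the reported campaign), the following Python script shows a defender-side triage check for such attachments: it unfolds RFC 5545 line folding, unescapes iCalendar text values, and flags markup or script indicators that have no business in a calendar file. The sample ICS, the indicator list, and the function names are constructed assumptions for this example, not indicators of compromise from the incident.

```python
import re

# Constructed sample iCalendar attachment (assumption: not the actual file from
# the reported campaign). The DESCRIPTION value is folded across two lines per
# RFC 5545, which splits the injected tag so a naive line-by-line grep misses it.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "PRODID:-//constructed//example//EN\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-1@example.invalid\r\n"
    "DTSTART:20250101T100000Z\r\n"
    "SUMMARY:Quarterly planning\r\n"
    "DESCRIPTION:Agenda attached.<img src=x oner\r\n"
    " ror=\"alert(document.domain)\">\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# Indicators of HTML/script content in fields that should hold plain text.
# These patterns are an assumption of this example, not a published signature.
SUSPICIOUS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("html_tag", re.compile(r"<\s*(img|iframe|svg|object|embed)\b", re.I)),
    ("dom_access", re.compile(r"document\.(cookie|location)", re.I)),
]


def unfold(text: str) -> list[str]:
    """Join RFC 5545 folded lines: a line beginning with SPACE or HTAB
    continues the previous content line."""
    lines: list[str] = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw and raw[0] in " \t" and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def unescape_value(value: str) -> str:
    """Undo iCalendar TEXT escaping (\\n, \\N, \\, \\; \\\\) so that an
    escaped payload is scanned in its decoded form."""
    return (value.replace("\\n", "\n").replace("\\N", "\n")
                 .replace("\\,", ",").replace("\\;", ";").replace("\\\\", "\\"))


def parse_properties(text: str) -> list[tuple[str, str]]:
    """Return (property name, unescaped value) pairs; parameters after ';'
    in the property name are dropped. Quoted parameter values containing ':'
    are not handled, which is acceptable for a triage heuristic."""
    props: list[tuple[str, str]] = []
    for line in unfold(text):
        if ":" not in line:
            continue
        head, _, value = line.partition(":")
        name = head.split(";", 1)[0].upper()
        props.append((name, unescape_value(value)))
    return props


def scan_ics(text: str) -> list[dict]:
    """Scan every property value and report each matching indicator with
    a short snippet for an analyst to review."""
    findings: list[dict] = []
    for name, value in parse_properties(text):
        for label, pattern in SUSPICIOUS_PATTERNS:
            m = pattern.search(value)
            if m:
                findings.append({
                    "property": name,
                    "indicator": label,
                    "snippet": value[max(0, m.start() - 10):m.end() + 20],
                })
    return findings


if __name__ == "__main__":
    for f in scan_ics(SAMPLE_ICS):
        print(f"{f['property']}: {f['indicator']} -> {f['snippet']!r}")
```

Running the script on the constructed sample reports two findings on DESCRIPTION (an `<img` tag and an `onerror=` handler), both of which only appear once the folded lines are joined. A mail gateway or SOC triage pipeline could apply the same check to `text/calendar` attachments before they reach the webmail client; the point of unfolding and unescaping first is that a line-oriented grep over the raw attachment sees neither indicator.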

Read More: https://thehackernews.com/2025/10/zimbra-zero-day-exploited-to-target.html