CISA Alerts on Zimbra Collaboration Suite Zero-Day XSS Flaw Exploited in Ongoing Attacks
gbhackers
CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS).
This vulnerability is already being exploited by attackers to hijack user sessions, steal data, and push malicious mail filters.
Organizations running ZCS should move quickly to apply available fixes or follow guidance to limit risk.
Overview of the Vulnerability
The vulnerability stems from insufficient sanitization of HTML in calendar invitation files (ICS) viewed in the Classic Web Client.
An attacker can craft an ICS entry whose HTML content carries JavaScript in an ontoggle event-handler attribute. When an unsuspecting user opens an email with the malicious ICS attachment in the Classic Web Client, that script runs in the context of the user's session.
| Product | CVE ID | Vulnerability Description |
| --- | --- | --- |
| Zimbra Collaboration Suite (ZCS) | CVE-2025-27915 | ZCS Classic Web Client fails to sanitize HTML content in ICS files. Viewing a malicious ICS entry triggers embedded JavaScript via the ontoggle event ... |
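The defensive check implied by the description above, as an added example that is not part of the gbhackers story or of Zimbra's own code: an ICS scanner that unfolds RFC 5545 continuation lines, flags any HTML event-handler attribute (ontoggle included) in a property value, and a sanitizer that strips such attributes before rendering. The sample invite and the handler value `HANDLER_PLACEHOLDER` are constructed for the example.

```python
import re

# Constructed sample: a minimal invite whose DESCRIPTION carries HTML with an
# ontoggle handler. The value is a placeholder, not a working script. The
# DESCRIPTION line is folded across two physical lines as RFC 5545 allows.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "SUMMARY:Quarterly review\r\n"
    "DESCRIPTION:<details open ontoggle=\"HANDLER_PLACEHOLDER\">Agenda<\r\n"
    " /details>\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# Any HTML event-handler attribute (onload, onerror, ontoggle, ...) followed by
# a quoted or bare value; case-insensitive because HTML attributes are.
EVENT_HANDLER_RE = re.compile(
    r"""\son[a-z]+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.IGNORECASE
)


def unfold_ics(text: str) -> list[str]:
    """Join folded ICS lines: a continuation starts with a space or tab."""
    lines: list[str] = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def find_event_handlers(ics_text: str) -> list[tuple[str, str]]:
    """Return (property name, handler attribute) pairs found in property values."""
    hits: list[tuple[str, str]] = []
    for line in unfold_ics(ics_text):
        name, sep, value = line.partition(":")
        if not sep:
            continue
        prop = name.split(";", 1)[0].upper()  # drop parameters like ;ALTREP=
        for m in EVENT_HANDLER_RE.finditer(value):
            attr = m.group(0).strip().split("=", 1)[0].lower()
            hits.append((prop, attr))
    return hits


def strip_event_handlers(html: str) -> str:
    """Sanitize HTML for display by removing every on* attribute."""
    return EVENT_HANDLER_RE.sub("", html)
```

A mail gateway or ingest hook would quarantine any invite for which `find_event_handlers` returns hits and render only the output of `strip_event_handlers`.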
Copyright of this story solely belongs to gbhackers.