CISA has issued a warning about a new zero-day cross-site scripting (XSS) flaw in the Zimbra Collaboration Suite (ZCS).
This vulnerability is already being used by attackers to hijack user sessions, steal data, and push malicious mail filters.
Organizations running ZCS should move quickly to apply the available fixes or follow the guidance to limit risk.
Overview of the Vulnerability
The vulnerability stems from inadequate sanitization of HTML in calendar invitation files (ICS) viewed in the Classic Web Client.
An attacker can craft an ICS entry that embeds JavaScript code inside an event's ontoggle attribute. When an unsuspecting user opens an email with the malicious ICS attachment, that script runs in the context of the user's session.
| Product | CVE ID | Vulnerability Description |
|---|---|---|
| Zimbra Collaboration Suite (ZCS) | CVE-2025-27915 | The ZCS Classic Web Client fails to sanitize HTML content in ICS files. Viewing a malicious ICS entry triggers embedded JavaScript via the ontoggle event, allowing arbitrary script execution in the user's session. |
This gives an attacker the same level of access as the victim. Attackers can then change email filters to forward messages, exfiltrate data, or perform other unauthorized actions on behalf of the user.
CISA added this flaw to its Known Exploited Vulnerabilities Catalog on October 7, 2025, and set an action deadline of October 28, 2025. The alert urges all ZCS administrators to:
- Review vendor advisories and apply patches or workarounds immediately.
- Follow Cloud Security Technical Reference Architecture guidance under BOD 22-01 for cloud-hosted deployments.
- If no mitigations are available, consider disabling the Classic Web Client or discontinuing use of affected Zimbra servers until fixes arrive.
CISA also recommends monitoring logs for suspicious email filter modifications or unusual ICS file attachments. Any indicators of compromise should be treated as high priority.
This zero-day XSS flaw carries a CVSS score of 7.5 out of 10, marking it as high severity. It affects all supported versions of Zimbra Collaboration Suite that include the Classic Web Client.
Because the flaw requires only that a user view an email, it can be exploited through phishing campaigns or by sending malicious calendar invitations to staff.
While it is not yet clear which ransomware groups have adopted this vulnerability, its ease of use and high impact make it a likely candidate for inclusion in targeted email-based campaigns.
Security teams should also consider tightening email attachment policies and adding inspection rules for ICS files.
User awareness programs on the risks of unexpected calendar invitations may help reduce the chance of successful attacks.
Timely patching and careful monitoring are critical to stop attackers from leveraging this flaw. All ZCS users are advised to act immediately to protect their email environments.
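The ICS inspection rule mentioned here, and the attachment monitoring CISA recommends above, can be implemented as a small pre-delivery scanner that unfolds an invitation and flags any text property carrying HTML event-handler attributes or other active content. The Python below is an added example written for this page; it is not Zimbra's code and not part of the CISA advisory. The list of inspected properties, the regular expressions, and the two sample invitations (one with a placeholder ontoggle attribute that calls a non-existent handler, one benign) are constructed for illustration.

```python
"""Triage scanner for ICS calendar attachments (added example, not Zimbra code).

Flags text properties whose value contains HTML event-handler attributes
(on* = ...), <script> tags or javascript: URLs, which have no place in a
benign calendar invitation.  Heuristic only: the real fix is the vendor patch.
"""
import re
from typing import Dict, List

# ICS text properties a mail client may render as HTML (assumed list).
TEXT_PROPS = ("SUMMARY", "DESCRIPTION", "LOCATION", "COMMENT", "X-ALT-DESC")

# Constructed detection patterns; checked in order, first hit wins per property.
ACTIVE_CONTENT = {
    "event-handler attribute": re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I),
    "script tag": re.compile(r"<\s*script\b", re.I),
    "javascript: URL": re.compile(r"javascript\s*:", re.I),
}


def unfold(ics: str) -> List[str]:
    """Join RFC 5545 folded lines: a continuation line starts with SPACE or TAB.

    Scanning raw lines instead would miss an attribute split across a fold.
    """
    lines: List[str] = []
    for raw in ics.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def scan_ics(ics: str) -> List[Dict[str, str]]:
    """Return one finding per text property that contains active content."""
    findings: List[Dict[str, str]] = []
    for line in unfold(ics):
        # Simplification: split at the first ':'; quoted parameter values
        # containing ':' are not handled here.
        name, sep, value = line.partition(":")
        if not sep:
            continue
        prop = name.split(";", 1)[0].upper()  # drop params such as ;FMTTYPE=text/html
        if prop not in TEXT_PROPS:
            continue
        for label, pattern in ACTIVE_CONTENT.items():
            if pattern.search(value):
                findings.append({"property": prop, "reason": label})
                break
    return findings


def verdict(ics: str) -> str:
    """Policy decision for a mail gateway: quarantine on any finding."""
    return "quarantine" if scan_ics(ics) else "deliver"


# Constructed sample: the ontoggle attribute is deliberately folded across two
# lines and calls a placeholder name; it is not a working payload.
MALICIOUS_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "UID:constructed-bad@example.invalid",
    "SUMMARY:Quarterly review",
    'DESCRIPTION;FMTTYPE=text/html:<details open ontog',
    ' gle="placeholder()">agenda</details>',
    "END:VEVENT",
    "END:VCALENDAR",
])

# Constructed benign sample: plain formatting tags, no handlers.
BENIGN_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    "UID:constructed-ok@example.invalid",
    "SUMMARY:Quarterly review",
    "DESCRIPTION;FMTTYPE=text/html:Agenda: <b>budget</b> and <i>hiring plan</i>",
    "END:VEVENT",
    "END:VCALENDAR",
])

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_ICS), ("benign", BENIGN_ICS)):
        print(label, verdict(sample), scan_ics(sample))
```

The scanner unfolds the file before matching because RFC 5545 line folding can legitimately split an attribute name, so a line-by-line rule would be trivially evaded. The patterns are meant for gateway triage and log enrichment, not as a substitute for proper HTML sanitization or the vendor patch; an allowlist-based sanitizer in the rendering client is the durable fix.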