The Zimbra Safety Workforce has urged prospects to repair a important vulnerability affecting the traditional internet consumer used to entry the Zimbra Collaboration suite.
Zimbra is a extremely common electronic mail and collaboration software program suite utilized by lots of of tens of millions of individuals, together with hundreds of companies and lots of of presidency companies world wide. Often known as Traditional UI, this Ajax-based webmail interface is quicker than Zimbra’s fashionable internet consumer, which requires extra sources when loading massive electronic mail folders.
The corporate launched Zimbra 10.1.19 this Tuesday to repair this saved cross-site scripting (XSS) safety flaw, however it has not but obtained a CVE ID for simpler monitoring. An attacker may exploit this traditional internet consumer safety subject by way of a specifically crafted electronic mail that executes malicious code when the e-mail is opened.
A profitable exploit may enable the attacker to steal session information, account settings, and mailbox data.
“This subject solely impacts customers of the Traditional Internet Shopper, so prospects utilizing the Traditional Internet Shopper ought to improve to ZCS v10.1.19 as quickly as potential,” Zimbra warns. “We strongly suggest that you simply improve to this model to maintain your atmosphere safe.”
Though Zimbra has not but tagged the vulnerability as being exploited, the flaw was reported by Google’s Menace Evaluation Group, which steadily warns of zero-day exploits deployed by state-sponsored hacker teams in cyberattacks focusing on high-risk people equivalent to opposition politicians, dissidents, and journalists.
Focused by Russian state hackers
Zimbra’s safety flaws have been steadily exploited lately by Russian state-backed hackers, who’ve compromised hundreds of susceptible servers.
For instance, the Russian-backed Winter Vivern hacking group used a reflective XSS exploit in February 2023 to infiltrate the Zimbra webmail portal and steal emails from organizations and people affiliated with NATO, together with authorities officers, navy personnel, and diplomats.
In October 2024, US and UK cyber companies additionally warned that APT29 (also referred to as Midnight Blizzard and Cozy Bear) hackers affiliated with Russia’s Overseas Intelligence Service (SVR) have been focusing on susceptible Zimbra servers “at scale” utilizing an exploit focusing on a flaw beforehand exploited to steal electronic mail account credentials.
Extra not too long ago, in March, the Cybersecurity and Infrastructure Safety Company (CISA) ordered federal companies to patch one other Zimbra XSS flaw (CVE-2025-66376) that was exploited by hackers related to the APT28 group (affiliated with Russian navy intelligence) in assaults focusing on Ukrainian authorities companies.
In April, nonprofit safety group Shadowserver warned that greater than 10,500 Zimbra Collaboration Suite (ZCS) cases uncovered on-line stay susceptible to an ongoing assault exploiting one other cross-site scripting (XSS) safety flaw (tracked as CVE-2025-48700).

Safety groups doc 54% of profitable assaults and subject a warning on solely 14%. The remaining strikes invisibly by way of the atmosphere.
Picus’ whitepaper reveals tips on how to take a look at your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
