Zimbra security patch release for CVE-2025-27915
Security Patch Release
Summary
Zimbra Collaboration released security fixes for CVE-2025-27915, closing a stored XSS flaw in the Classic Web Client that could enable session abuse and data exfiltration. The patch bundle shipped on January 27, 2025 in 9.0.0 Patch 44, 10.0.13, and 10.1.5. Later reporting linked the flaw to zero-day abuse in attacks that used malicious ICS files.
Related Happenings
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Synacor Zimbra CVE-2025-48700 security patch release
Security Patch Release
First: 24.04.2026 16:35
Last: 24.04.2026 16:35
Sources 1
About this happening:
Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...
GIGABYTE security patch release for CVE-2026-4415
Security Patch Release
First: 01.04.2026 01:28
Last: 01.04.2026 01:28
Sources 1
About this happening:
**GIGABYTE** is directing users of **Control Center** to upgrade to **25.12.10.01** to mitigate **CVE-2026-4415**, a flaw that exposed systems to remote file writes. The update ma...
APT28 Operation GhostMail Zimbra phishing campaign targeting Ukrainian government entities
Campaign
First: 19.03.2026 16:55
Last: 19.03.2026 16:55
Sources 1
About this happening:
**APT28**’s **Operation GhostMail** is actively targeting **Ukrainian government entities** through a phishing chain that exploits **CVE-2025-66376** in **Zimbra Collaboration Sui...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch Release
First: 04.03.2026 21:12
Last: 04.03.2026 21:12
Sources 1
About this happening:
**Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Latest development: 20.03.2026 17:09
CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.
Timeline
- 06.10.2025 09:01 · 3 articles
Zimbra patches CVE-2025-27915 in Zimbra Collaboration
Mitigation Patch Update: Zimbra Collaboration released 9.0.0 Patch 44, 10.0.13, and 10.1.5 on January 27, 2025 to fix CVE-2025-27915, a stored cross-site scripting vulnerability in the Classic Web Client caused by insufficient sanitization of HTML content in ICS calendar files.
Sources:
- Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files — thehackernews.com — 06.10.2025 09:01
- Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files — thehackernews.com — 06.10.2025 09:01
- Cyberattackers Exploit Zimbra Zero-Day Via ICS — www.darkreading.com — 06.10.2025 23:12
- 30.09.2025 03:00 · 1 article
Unknown actors exploit Zimbra zero-day against the Brazilian military
Exploitation Observed: StrikeReady Labs reported on September 30, 2025 that unknown threat actors spoofing the Libyan Navy's Office of Protocol used malicious ICS files to exploit Zimbra Collaboration CVE-2025-27915 as a zero-day against the Brazilian military. The embedded JavaScript executed through an ontoggle event inside a details tag and was designed to steal credentials, emails, contacts, and shared folders, while also creating a Zimbra filter named Correo that forwarded messages to [email protected].
Sources:
- Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files — thehackernews.com — 06.10.2025 09:01