Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files

Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files

A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS), identified as CVE-2025-27915, has been exploited in targeted attacks using weaponized iCalendar files. This stored cross-site scripting (XSS) flaw allows attackers to steal sensitive data from victims' email accounts.
Oct 6, 2025 CVE: CVE-2025-27915
Hackers Exploit Zimbra Flaw as Zero-Day Using iCalendar Files

Hackers Exploit Zimbra Flaw as Zero-Day Using iCalendar Files

A zero-day vulnerability in Zimbra Collaboration Suite (ZCS) has been exploited by hackers using malicious iCalendar files. The flaw, identified as CVE-2025-27915, allows attackers to execute arbitrary JavaScript and steal sensitive data from Zimbra Webmail.
Oct 6, 2025 CVE: CVE-2025-27915