Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation.
The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve unauthenticated remote code execution on affected email servers.
"If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible," Zimbra warned earlier this week.
CISA has not shared any information on the attacks exploiting the flaws, but cybersecurity firm Volexity described mass in-the-wild exploitation of Zimbra instances by an unknown threat actor.
Volexity said "it was possible to bypass authentication when accessing the same endpoint used by CVE-2022-27925," and that the flaw "could be exploited without valid administrative credentials, thus making the vulnerability significantly more critical in severity."
"When combined with a separate bug it became an unauthenticated RCE exploit that made remote exploitation trivial."
News URL
https://thehackernews.com/2022/08/researchers-warn-of-ongoing-mass.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-21 | CVE-2022-27925 | Path Traversal vulnerability in Synacor Zimbra Collaboration Suite 8.8.15/9.0.0 Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 7.2 |