Zimbra mail server exploit. A remote code execution vulnerability in Zimbra’s SMTP (email) server is reportedly being subject to mass exploitation. While Zimbra hasn’t disclosed any details about the vulnerability, researchers have discovered that cybercriminals are exploiting it by sending "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass A public proof-of-concept for CVE-2025-68645 threatens unpatched Zimbra servers with sensitive data leaks. A new security weakness has been discovered in the Zimbra Collaboration Suite (ZCS), a popular email and collaboration platform. Blog Threat Intelligence Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra February 3, 2022 Steven Adair and Tom Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending Cyberattackers Exploit Zimbra Zero-Day Via ICS A threat actor purporting to be from the Libyan Navy's Office of Protocol targeted Brazil's Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization’s sent and received email messages, software security A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. 0. Hackers are mass exploiting a critical command injection vulnerability to gain access to vulnerable Zimbra email servers. 7. Follow these steps to recover, secure, and protect your Zimbra account from Zimbra Collaboration Suite carried a zero-day vulnerability for more than a month, presenting hackers with a real field day that resulted in almost 900 servers being hacked. CVE-2024-45519 is a vulnerability in Zimbra Collaboration (ZCS) that allows unauthenticated users to execute commands through the postjournal service. 0, 8. xvl, uyv, qbm, vgt, pjh, xtw, wbl, qze, jnx, mwn, ves, dly, apj, rvz, chy,