Thursday, May 15, 2025
HomeCVE/vulnerabilityHackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Hackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Published on

SIEM as a Service

Follow Us on Google News

Zimbra CVE-2022-27824 has been added to the CISA’s “Known Exploited Vulnerabilities” catalog as a new vulnerability. Hackers are actively exploiting it in attack activities, which indicates it is active in the hacking community.

Unauthenticated threat actors are able to steal email account credentials in clear-text by exploiting this high-severity vulnerability. Using Zimbra Collaboration, a threat actor steals credentials without asking the user for their permission.

https://www.youtube.com/watch?v=GIgHZrPrGug

Impact

During legitimate authentication attempts, a hacker can make use of CRLF injection to poison Memcache and deceive the software into relaying all IMAP traffic to the threat actor instead of forwarding it to the legitimate authentication attempt.

- Advertisement - Google News

It was discovered by SonarSource researchers on March 11, 2022, that the flaw had been exploited. An update that addressed these issues was released by the software vendor on May 10, 2022. In the following list, we have mentioned the fixed versions as follows:-

  • ZCS 9.0.0 Patch 24.1
  • ZCS 8.8.15 Patch 31.1

Based on CISA’s latest catalog addition, it has become evident that not all administrators have updated their security software with the latest updates. It has been nearly three months since all these updates became available to the public.

Exploit Capabilities

It is now possible for hackers to identify and attack vulnerable instances; all credit goes to the opportunity provided by this. As a result of stealing the credentials from a Zimbra account, they are able to do the following things:-

  • Access the email server
  • Making spear-phishing easier by removing the barriers to entry
  • Social engineering
  • BEC (Business Email Compromise) attacks

Zimbra Collaboration is used by a variety of organizations, including the following:- 

  • The number of businesses in the network exceeds 200,000.
  • The number of state entities exceeds 1,000.
  • In 140 countries, they support critical organizations.

In spite of all the recommendations made by CISA, all Federal agencies in the U.S. need to apply the security updates available to them as soon as possible until August 25, 2022, since it’s the final deadline.

Moreover, apart from the Federal agencies, CISA has also recommended all non-federal agencies and organizations to immediately apply the security updates to avoid any exploitation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...

TA406 Hackers Target Government Entities to Steal Login Credentials

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni,...

Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect...

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Exploit Published for macOS Sandbox Escape Vulnerability (CVE-2025-31258)

Security researchers have disclosed a new macOS sandbox escape vulnerability tracked as CVE-2025-31258, accompanied...

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...

New Advanced Phishing Attack Exploits Discord to Target Crypto Users

Check Point Research has uncovered a sophisticated phishing campaign that leverages Discord to target...