An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is being actively exploited to hack ZCS email servers worldwide.
On August 11, CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The two issues are:
- CVE-2022-27925 (CVSS score: 7.2) – Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
- CVE-2022-37042 – Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability
CISA orders federal agencies to fix both issues by August 25, 2022. The vendor has already released security updates to address both vulnerabilities.