{"id":236837,"date":"2026-04-24T09:35:00","date_gmt":"2026-04-24T13:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/24\/over-10000-zimbra-servers-vulnerable-to-ongoing-xss-attacks\/"},"modified":"2026-04-28T20:00:13","modified_gmt":"2026-04-29T00:00:13","slug":"over-10000-zimbra-servers-vulnerable-to-ongoing-xss-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/24\/over-10000-zimbra-servers-vulnerable-to-ongoing-xss-attacks\/","title":{"rendered":"Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable\/\">Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable\/<\/a><\/p>\n<p>Publish Date: 2026-04-24 09:35:00<\/p>\n<p>Source Domain: <a href=\"https:\/\/www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to\u00a0nonprofit security organization\u00a0Shadowserver.<\/p>\n<p>Zimbra is a popular email and collaboration software suite used by hundreds of millions of people worldwide, including hundreds of government agencies and thousands of businesses.<\/p>\n<p>The vulnerability (tracked as CVE-2025-48700) affects ZCS 8.8.15, 9.0, 10.0, and 10.1 and can allow unauthenticated attackers to access sensitive information after executing arbitrary JavaScript within the user&#8217;s session.<\/p>\n
<p>Synacor released security patches to address the flaw in June 2025, warning at the time that exploitation of CVE-2025-48700 requires no user interaction beyond viewing a maliciously crafted email message in the Zimbra Classic UI.<\/p>\n<p>On Monday, CISA flagged CVE-2025-48700 as being abused in the wild and added it to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.<\/p>\n<p>The U.S. cybersecurity agency also ordered Federal Civilian Executive Branch (FCEB) agencies to secure their Zimbra servers within three days, by April 23.<\/p>\n<p>On Friday, Internet security watchdog Shadowserver also warned that over 10,500 Zimbra servers exposed online remain unpatched, most of them in Asia (3,794) and Europe (3,793).<\/p>\n<p><img decoding=\"async\" alt=\"Exposed Zimbra servers\" height=\"390\" src=\"https:\/\/www.bleepstatic.com\/images\/news\/u\/1109292\/2026\/Exposed%20Zimbra%20servers.png\" width=\"700\"\/>Unpatched Zimbra servers exposed online (Shadowserver)<\/p>\n<p>While CISA didn&#8217;t share any details about CVE-2025-48700 attacks, another XSS vulnerability (tracked as CVE-2025-66376 and patched in early November) was exploited by the state-backed APT28 (a.k.a. 
Fancy Bear, Strontium) military hackers in phishing attacks targeting Ukrainian government entities starting in January.<\/p>\n<p>This phishing campaign (codenamed Operation GhostMail by security researchers at Seqrite Labs) also targeted the Ukrainian State Hydrology Agency (a critical infrastructure entity under the Ministry of&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-says-zimbra-flaw-now-exploited-over-10k-servers-vulnerable\/ Publish Date: 2026-04-24 09:35:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":236838,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/04\/24\/Zimbra.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25,27],"class_list":["post-236837","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236837"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=236837"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236837\/revisions"}],"predecessor-version":[{"id":236839,"href":"https:\/\/news-you-need.com\/index.p
hp\/wp-json\/wp\/v2\/posts\/236837\/revisions\/236839"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/236838"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=236837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=236837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=236837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}