CVE-2025-27915

Source
https://cve.org/CVERecord?id=CVE-2025-27915
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27915.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27915
Published
2025-03-12T15:15:39.900Z
Modified
2026-02-17T00:46:02.382859Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0, and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

Affected packages

Git / github.com/zimbra/zm-build

Affected versions

10.*
10.0.0-GA
10.0.1
10.0.4
10.0.5
10.0.6
10.0.9
10.1.0
10.1.1
10.1.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27915.json"

Git / github.com/zimbra/zm-mailbox

Affected versions

10.*
10.0.0-GA
10.0.1
10.0.11
10.0.12
10.0.2
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.1.0
10.1.1
10.1.2
10.1.3
10.1.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27915.json"