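An issue was discovered in Zimbra Collaboration (ZCS) 9.0, 10.0, and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. Note for consumers of the signatures below: they all target store/src/java/com/zimbra/cs/account/ZimbraAuthToken.java (the isRegistered and register functions plus a line signature), which appears to be auth-token code rather than ICS/HTML sanitization, so confirm against the vendor advisory that the referenced commit is the fix for this issue before relying on them for patch detection.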
[
{
"deprecated": false,
"source": "https://github.com/zimbra/zm-mailbox/commit/f71bb9e0fc4367158daab23460145facb880685b",
"id": "CVE-2025-27915-204903a0",
"signature_version": "v1",
"target": {
"function": "isRegistered",
"file": "store/src/java/com/zimbra/cs/account/ZimbraAuthToken.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "147912439549378573183391761697496305370",
"length": 440.0
}
},
{
"deprecated": false,
"source": "https://github.com/zimbra/zm-mailbox/commit/f71bb9e0fc4367158daab23460145facb880685b",
"id": "CVE-2025-27915-5b50a674",
"signature_version": "v1",
"target": {
"function": "register",
"file": "store/src/java/com/zimbra/cs/account/ZimbraAuthToken.java"
},
"signature_type": "Function",
"digest": {
"function_hash": "335162369327712599477812998866283790401",
"length": 553.0
}
},
{
"deprecated": false,
"source": "https://github.com/zimbra/zm-mailbox/commit/f71bb9e0fc4367158daab23460145facb880685b",
"id": "CVE-2025-27915-bf6cb457",
"signature_version": "v1",
"target": {
"file": "store/src/java/com/zimbra/cs/account/ZimbraAuthToken.java"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"209130410428302556674071306187255704306",
"225310395921744025336948292490858461814",
"202190201291662939402323303269050111616",
"132751591392474821768102870026283226265",
"172346609573432209325122272615371308482",
"222857540467584160731142151123556065446",
"114702154303227773654858857858893039850",
"115463294749429024956935728040097366866",
"254866902658856906789416304683651989454",
"52368022671279424149706331470829537460",
"3082333680933600016665998035313867610",
"228023414434089579059873133297067383621",
"221657657252478192217487153310191495491",
"167520746795132071856396247014516156578"
]
}
}
]