Wednesday , July 2 2025

Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching

Hackers are exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered by sending specially crafted emails to the SMTP server.

CVE-2024-45519 is a remote code execution vulnerability in Zimbra’s postjournal service, which handles incoming emails via SMTP. Attackers can exploit this flaw by sending emails with commands in the CC field, causing the postjournal service to execute those commands.

Threat actors began exploiting the vulnerability after Project Discovery released its technical details and proof of concept (PoC) exploit code.

“Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations,” reads a blog post published by Project Discovery.

The vulnerability was discovered by the security researcher lebr0nli (Alan Li). Versions 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1, released on September 4, 2024, address the vulnerability.

Attackers sent emails spoofing Gmail that carried base64 strings intended to be executed by vulnerable Zimbra servers. The same attacker-controlled server is used both to send the exploit emails and to host second-stage payloads. The identity of the threat actor behind this campaign remains unclear.

“Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands. The addresses contained base64 strings that are executed with the sh utility.” warned Proofpoint on X. “For unknown reasons, the threat actor is using the same server to send the exploit emails and host second-stage payloads. The activity is unattributed at this time.”

Emails from one sender used CC’d addresses to try to create a webshell on vulnerable Zimbra servers. The attackers combined the CC list into a single string which, when decoded from base64, contained a command to write a webshell at the path: /jetty/webapps/zimbraAdmin/public/jsp/zimbraConfig.jsp.

After deployment, the webshell listens for connections using a specific JSESSIONID cookie and interprets the JACTION cookie for base64 commands. It can execute commands or download and run files through a socket connection.
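For defenders triaging inbound mail, the CC-list pattern described above can be checked mechanically. The following is an added example, not code from Proofpoint, Project Discovery or Zimbra: it joins base64-looking fragments found in Cc addresses, decodes them, and looks for the webshell path named in this article. It assumes the fragments sit in the local part of each address and are at least 12 characters long; the function names and the sample message are constructed for illustration.

```python
import base64
import binascii
import re
from email import message_from_string
from email.utils import getaddresses

# Webshell location quoted in the article; everything else here is illustrative.
WEBSHELL_PATH = "/jetty/webapps/zimbraAdmin/public/jsp/zimbraConfig.jsp"
B64_RUN = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")  # assumed minimum fragment length

def triage_cc(raw_message):
    """Join base64-looking fragments from Cc addresses, decode, classify."""
    msg = message_from_string(raw_message)
    addrs = [a for _, a in getaddresses(msg.get_all("Cc", [])) if a]
    runs = []
    for addr in addrs:
        local = addr.rpartition("@")[0]  # assumption: fragments sit in the local part
        runs += [r.rstrip("=") for r in B64_RUN.findall(local)]
    joined = "".join(runs)
    joined += "=" * (-len(joined) % 4)  # restore padding after concatenation
    try:
        decoded = base64.b64decode(joined, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        decoded = ""  # ordinary long local parts rarely decode to valid text
    if WEBSHELL_PATH in decoded:
        verdict = "webshell-path"
    elif len(decoded) >= 8 and decoded.isprintable():
        verdict = "decodes-to-text"
    else:
        verdict = "clean"
    return {"cc_count": len(addrs), "fragments": len(runs),
            "decoded": decoded, "verdict": verdict}

def constructed_sample():
    """Constructed test message: an inert marker string, not a captured exploit."""
    marker = b"CONSTRUCTED-SAMPLE " + WEBSHELL_PATH.encode()
    b64 = base64.b64encode(marker).decode()
    parts = [b64[i:i + 25] for i in range(0, len(b64), 25)]
    cc = ", ".join(f"{p}@example.invalid" for p in parts)
    return (f"From: sender@example.invalid\nTo: user@example.invalid\n"
            f"Cc: {cc}\nSubject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print(triage_cc(constructed_sample()))
```

A "decodes-to-text" verdict is a prompt for manual review rather than proof of an attempt, since long legitimate local parts can occasionally decode to printable text.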

The availability of a PoC exploit exposes users to the risk of attacks; it is strongly recommended to update to the latest versions as soon as possible.

Source: Proofpoint, Security Affairs
