CVE-2023-37580

CVE-2023-37580 is a significant vulnerability discovered in the Zimbra Collaboration Suite, identified as a zero-day cross-site scripting (XSS) flaw. This vulnerability was exploited by threat actors to steal email data, user credentials, and authentication tokens from various government organizations. Google's Threat Analysis Group (TAG) first revealed this exploitation on November 16, 2023. Four different hacker groups were observed exploiting this vulnerability, some of which are believed to be advanced persistent threat actors based in China. The specific bug, CVE-2023-37580, is a reflected XSS vulnerability within the Zimbra email server. The issue was patched on July 25th, with a hotfix made available on its public GitHub repository on July 5th. Despite these remedial actions, the vulnerability continued to be exploited, particularly targeting international government organizations. The stolen information included not only email data but also valuable user credentials and authentication tokens, making this a high-risk security concern. In response to this threat, Check Point has provided protection against this vulnerability through its IPS blade. This security measure aims to safeguard systems from further exploitation by this XSS flaw in the Zimbra Collaboration Suite. Despite the patch and hotfix release, organizations are urged to update their systems promptly and monitor for any suspicious activity due to the severity of the potential data breach.