Alert (AA22-228A) Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are publishing this joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform. CVEs currently being exploited against ZCS include: ・CVE-2022-24682 ・CVE-2022-27924 ・CVE-2022-27925 chained with CVE-2022-37042 ・CVE-2022-30333 Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite | CISA