SecurityScorecard Advisory: Synacor Zimbra Collaboration Suite XSS Vulnerability (CVE-2024-27443) Added to CISA KEV

CVE-2024-27443 is a vulnerability affecting Zimbra Collaboration.  As described in a blog post by ESET Research, this vulnerability is currently being exploited in the wild and is found to be targeting government entities and defense companies.

On May 19, 2025, this vulnerability was added to CISA’s list of Known Exploited Vulnerabilities (CISA-KEV).

• Severity Medium
• Impact Medium impact (Potential for material loss)
• Action: Update to latest patch available.

At the time of this writing, SecurityScorecard’s Attack Surface Intelligence has found over 30,000 IPs that are potentially vulnerable to this CVE.