Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations.

The experts observed that most of the attacks took place after the public disclosure of the patch for this vulnerability.

The vulnerability is a reflected cross-site scripting (XSS) issue that resides in the Zimbra Classic Web Client, it impacts Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41. Zimbra addressed the vulnerability CVE-2023-37580 in July 2023.