Hackers exploited Zimbra flaw as zero-day using iCalendar files

A zero-day vulnerability (CVE-2025-27915) in Zimbra Collaboration Suite (ZCS) was actively exploited using malicious iCalendar files. The flaw, an XS) vulnerability, allowed attackers to execute arbitrary JavaScript in victim sessions.