Critical Zimbra Vulnerability Actively Exploited by Hackers
A recently patched flaw in Zimbra servers is being used by attackers to install backdoors through crafted emails.
- The vulnerability, CVE-2024-45519, exists in Zimbra's postjournal service and allows remote code execution via SMTP.
- Attackers are exploiting the flaw by sending emails with base64-encoded commands in the CC field to execute on the server.
- The exploitation has been described as 'mass-exploitation' but is limited by the need for specific server settings to be changed.
- Security researchers advise immediate patching and disabling the postjournal service if not needed to mitigate risks.
- The exploit attempts are widespread but lack sophistication, using the same server for both sending emails and hosting payloads.
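The CC-field pattern described above is the artifact a mail-security team can hunt for in message stores, quarantine folders or SMTP captures. The following detector is an added example written for this summary, not code from the article or from Zimbra: it treats any Cc header whose value contains shell metacharacters (which never occur in a legitimate address) as a finding, and decodes any base64-looking runs so the analyst sees what the blob contains. The two messages are constructed samples; the harmless string in the suspicious one is a placeholder, not a real payload.

```python
import base64
import binascii
import email
import re

# Constructed sample messages (not captured traffic). The second one carries a
# shell command substitution around a base64 blob in the Cc local part; the blob
# decodes to the harmless placeholder "echo hello".
SAMPLE_BENIGN = (
    b"From: alice@example.invalid\r\n"
    b"To: bob@example.invalid\r\n"
    b"Cc: carol@example.invalid\r\n"
    b"Subject: status\r\n\r\nhello\r\n"
)
SAMPLE_SUSPICIOUS = (
    b"From: alice@example.invalid\r\n"
    b"To: bob@example.invalid\r\n"
    b"Cc: \"note$(ZWNobyBoZWxsbw==)\"@mail.example.invalid\r\n"
    b"Subject: status\r\n\r\nhello\r\n"
)

# Characters that do not belong in an RFC 5322 address but do appear in shell
# command substitutions and pipelines.
SHELL_META = re.compile(r'[$`|;(){}<>]')
# Runs long enough to be worth trying to base64-decode for analyst context.
BASE64_RUN = re.compile(r'[A-Za-z0-9+/]{12,}={0,2}')


def decode_base64_runs(text):
    """Return the printable ASCII decodings of base64-looking runs in text.

    Runs that are not valid base64, or that decode to binary, are skipped so
    that ordinary long tokens in addresses do not produce noise.
    """
    decoded_runs = []
    for match in BASE64_RUN.finditer(text):
        try:
            decoded = base64.b64decode(match.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue
        if decoded and all(32 <= byte < 127 for byte in decoded):
            decoded_runs.append(decoded.decode('ascii'))
    return decoded_runs


def suspicious_cc_headers(raw_message):
    """Return one finding per Cc header that contains shell metacharacters.

    Each finding carries the raw header value and any base64 runs it contained,
    already decoded, so the triage view shows the embedded text directly.
    """
    msg = email.message_from_bytes(raw_message)
    findings = []
    for value in msg.get_all('Cc', []):
        value = str(value)
        if SHELL_META.search(value):
            findings.append({'header': value, 'decoded': decode_base64_runs(value)})
    return findings


if __name__ == '__main__':
    for label, sample in (('benign', SAMPLE_BENIGN), ('suspicious', SAMPLE_SUSPICIOUS)):
        print(label, suspicious_cc_headers(sample))
```

The check is deliberately header-level rather than address-level: a well-formed parser may normalise or reject the malformed local part before a rule sees it, whereas the raw header string keeps the evidence intact. Pair it with the mitigation the researchers recommend, patching and disabling postjournal where it is not needed, since detection alone does not stop the command from running on an unpatched server.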