A vulnerability in the Zimbra Collaboration Suite (ZCS) is now being leveraged to give threat actors access to servers. The flaw, tracked as CVE-2022-41352, is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server. The news was initially broken by Kaspersky who confirmed that nearly 900 servers have been hacked. When initially discovered, the flaw  was labeled a zero-day that remained unpatched for almost two months. A patch was released shortly after a PoC was added to the Metasploit framework. Zimbra released ZCS 9.0.0 P27 which is believed to have fixed or replaced all the components that made the exploit possible. It is believed by Kaspersky that an unknown APT is running targeted campaigns that take advantage of unpatched systems.