Italy CSIRT Advisories
GovPing monitors Italy CSIRT Advisories for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.
Thursday, April 23, 2026
Zimbra CVE-2025-48700 Active Exploitation Detected by Italy CSIRT
CSIRT-ITA has issued Alert AL06/260422/CSIRT-ITA confirming active in-the-wild exploitation of CVE-2025-48700, a stored Cross-Site Scripting vulnerability in Zimbra Collaboration Suite with a CVSS v3.x score of 7.2 (High). The flaw stems from insufficient HTML sanitization in the Classic UI email interface, allowing malicious code hidden in HTML email content to bypass security controls and execute in users' browser sessions, enabling unauthorized access to sensitive system information. Affected versions span the ZCS 10.1.x, 10.0.x, 9.x, and 8.8.x branches prior to their respective latest patched releases. CSIRT-ITA recommends immediate patching to the latest available versions as the primary mitigation measure.
Apache Kafka Critical Auth Bypass Vulnerability CVE-2026-33557 Affects Versions 4.1.x
CSIRT-ITA has issued Alert AL07/260422/CSIRT-ITA disclosing a critical authentication bypass vulnerability (CVE-2026-33557) in Apache Kafka affecting versions 4.1.x and earlier. The vulnerability, rated with a high systemic impact score of 65.51, could allow an attacker to circumvent authentication mechanisms of the open-source stream-processing platform. The advisory recommends immediate application of the latest security patches provided by the vendor. CVE-2026-33557 is catalogued at the NVD with references to the Apache Kafka project mailing list for additional detail.
Critical Spring Security Vulnerabilities Fixed, Authentication Bypass Risk
CSIRT-ITA issued an alert (AL05/260422/CSIRT-ITA) reporting that security updates have resolved new vulnerabilities in Spring Security and Spring Authorization Server, including one classified as "critical" severity and two classified as "high" severity. The affected products include Spring Security versions 7.0.4 and earlier, and Spring Authorization Server versions 1.3.10, 1.4.9, 1.5.6 and earlier. Three CVEs are referenced: CVE-2026-22752, CVE-2026-22753, and CVE-2026-22754. The alert recommends updating vulnerable products to patched versions following the vendor security bulletins published at spring.io/security.