Zimbra has released an emergency patch to resolve a critical IMAP synchronization issue affecting multi-server environments, which was causing message display errors and sync failures in the previous release.

Affected Systems:

• Zimbra Version 10.1.13 or earlier

Security Risks

The identified vulnerabilities may result in inaccurate email message display and failures in IMAP synchronization, particularly in multi-server environments with high IMAP usage. These issues can compromise communication reliability and operational consistency across affected systems.

For the full list of security patches released by Zimbra, please refer to the Zimbra Emergency Patch Release and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

• Apply the latest security patches as soon as possible to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

        The released software version to upgrade to is:

• Zimbra Version 10.1.14

• Before any update task, please ensure you have a recent backup that can easily be restored.

• The following Zimbra software product will reach its end-of-life on December 31, 2025, and must be upgraded to a supported version to continue receiving updates and support:

• Zimbra 10.0

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Zimbra Emergency Patch Release

• Emergency Security Patch: Zimbra 10.1.14 (Release Notes)

• https://www.zimbra.com/product/download/

• Zimbra Patch Installation