CVE-2025-48700

6.1

MEDIUM CVSS 3.1

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - [Actively Exploited]

Overview

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.

Details

INFO

Published Date :

June 23, 2025, 3:15 p.m.

Last Modified :

April 21, 2026, 12:48 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: Apr 23, 2026

Alert Date: Apr 20, 2026 | 11 days ago

Description :

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700

Impact

Affected Products

The following products are affected by CVE-2025-48700 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Synacor	zimbra_collaboration_suite

: Total Affected Vendor : 1 | Products : 1

Scoring

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	MEDIUM				134c704f-9b21-4f2e-91b3-4a467353bcc0

Solution

Update Zimbra Collaboration to patch the Cross-Site Scripting vulnerability in the Classic UI.

Apply the latest security patches for Zimbra Collaboration.
Review and sanitize user-generated content for script tags.
Disable or restrict the use of `@import` directives if possible.

References

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-48700.

URL	Resource
https://wiki.zimbra.com/wiki/Security_Center	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Product
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48700	US Government Resource

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-48700 is associated with the following CWEs:

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-48700 weaknesses.

CAPEC-63: Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) CAPEC-85: AJAX Footprinting AJAX Footprinting CAPEC-209: XSS Using MIME Type Mismatch XSS Using MIME Type Mismatch CAPEC-588: DOM-Based XSS DOM-Based XSS CAPEC-591: Reflected XSS Reflected XSS CAPEC-592: Stored XSS Stored XSS

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-48700 vulnerability anywhere in the article.

TheCyberThrone

CISA Adds Eight Actively Exploited Vulnerabilities to KEV Catalog

CISA expanded its Known Exploited Vulnerabilities (KEV) catalog on April 20, 2026, adding eight security flaws spanning enterprise print management, CI/CD platforms, CMS infrastructure, appliance mana ...

Published Date: Apr 21, 2026 (1 week, 2 days ago)

Daily CyberSecurity

MOVEit WAF Critical Alert: Multi-Level RCE and WAF Bypass Vulnerabilities Disclosed

Progress Software has released a critical security bulletin for April 2026, revealing five high-impact vulnerabilities affecting MOVEit WAF and related Application Delivery Controller (ADC) products. ...

Published Date: Apr 21, 2026 (1 week, 2 days ago)

Help Net Security

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)

CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploi ...