CVE-2025-48700

Known Exploited (CISA KEV)CRITICAL

9.4

CVSS Severity Score

EPSS Score48.6370%

EPSS Percentile81.52th

PublishedApr 20, 2026

Last ModifiedJun 12, 2026

Vulnerability Description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Affected Platforms (CPE)

📦

Synacor

Zimbra Collaboration Suite (ZCS)

Refer to description

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2025-48700

Related Vulnerabilities

CVE-2016-99249.8

Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.

CVE-2017-68139.8

A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few req...

CVE-2020-77969.8

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

CVE-2017-68219.8

Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact...