CyberSec.Space Logo
CVEブラウザに戻る

CVE-2025-48700

Known Exploited (CISA KEV)CRITICAL
9.4
CVSS Severity Score
EPSS Score48.6370%
EPSS Percentile81.52th
Published2026年4月20日
Last Modified2026年6月12日

Vulnerability Description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Affected Platforms (CPE)

📦
Synacor

Zimbra Collaboration Suite (ZCS)

Refer to description

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2025-48700

関連する脆弱性情報

CVE-2016-99249.8

Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.

CVE-2017-68139.8

A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few req...

CVE-2020-77969.8

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

CVE-2017-68219.8

Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact...