CVE-2025-48700MEDIUM 6.1CISA KEVEPSS p75.1%

CVE-2025-48700Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor / Zimbra Collaboration Suite (ZCS)

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Scoring

CVSS 3.16.1 (MEDIUM)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS1.76% probability of exploitation · percentile 75.1% · 2026-06-19T12:03:05Z
Published2025-06-23
Last modified2026-04-21

CISA KEV entry

Added to KEV: 2026-04-20

Underlying weaknesses· 1

CWE-79

References

  1. https://wiki.zimbra.com/wiki/Security_Center
  2. https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
  3. https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48700

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cwe-790%live

(incoming)1

TypeTargetConfidenceTier
KEVEntrySynacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerabilitykev-cve-2025-487000%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
CVE
Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
CVE
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability
CVE
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
CVE
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
CVE
Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.