VulnerabilityALERT High

CVE-2025-48700: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Impact

CISA lists CVE-2025-48700 as known exploited in the wild for Synacor Zimbra Collaboration Suite (ZCS). Ransomware campaign use: Unknown. Federal remediation due date: 2026-04-23.

Recommended Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Published: 4/20/2026, 12:00:00 AMSource: CISA Known Exploited Vulnerabilities CatalogTags: CVE-2025-48700, Synacor, Zimbra Collaboration Suite (ZCS), CISA KEV, CWE-79