Cross-Site Scripting Vulnerability in Zimbra Collaboration by Zimbra
CVE-2025-48700

6.1MEDIUM

Key Information:

Vendor

Zimbra

Status
Zimbra Collaboration Suite (ZCS)
Vendor
CVE Published:
23 June 2025

Badges

πŸ‘Ύ Exploit Exists🟣 EPSS 18%πŸ¦… CISA ReportedπŸ“° News Worthy

What is CVE-2025-48700?

CVE-2025-48700 is a Cross-Site Scripting (XSS) vulnerability found in Zimbra Collaboration Suite (ZCS), specifically affecting versions 8.8.15, 9.0, 10.0, and 10.1. Zimbra is an open-source collaboration platform that provides email, calendar, and contact management services, widely used by organizations for communication and coordination. The identified vulnerability allows attackers to inject and execute arbitrary JavaScript code within a user's browser session when they view a maliciously crafted email message. This exploitation can occur with no extra action from the user, making it particularly dangerous. Due to inadequate sanitization of HTML content, specifically regarding the treatment of script injection vectors, this flaw can lead to unauthorized access to sensitive information, compromising user data integrity and confidentiality.

Potential impact of CVE-2025-48700

  1. Unauthorized Access to Sensitive Information: Exploitation of this vulnerability could allow attackers to gain access to confidential data within the user's session, including emails and personal information.

  2. Account Compromise: With the ability to execute arbitrary scripts, attackers may hijack user sessions and execute actions on behalf of legitimate users, potentially leading to further malicious activities within the organization.

  3. Reputation Damage and Financial Loss: If an organization falls victim to an exploit leveraging this vulnerability, the resulting data breaches can lead to significant reputational harm and financial losses, potentially affecting customer trust and compliance with regulatory requirements.

CISA has reported CVE-2025-48700

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-48700 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

News Articles

favicon imageBleepingComputer

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw.

1 week ago

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosur...

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • πŸ“°

    First article discovered by BleepingComputer

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.