Cross-Site Scripting Vulnerability in Zimbra Collaboration by Zimbra
CVE-2025-48700

6.1MEDIUM

Key Information:

Vendor

Zimbra

Status
Zimbra Collaboration Suite (ZCS)
Vendor
CVE Published:
23 June 2025

What is CVE-2025-48700?

A Cross-Site Scripting vulnerability has been identified in various versions of Zimbra Collaboration Suite (ZCS), allowing attackers to inject arbitrary JavaScript through insufficiently sanitized HTML content. This flaw is particularly concerning as it can be exploited when users open specially crafted email messages in the Classic UI, enabling potential unauthorized access to sensitive data without any requirement for additional user interaction. Mitigating this risk requires promptly updating to the latest product versions and employing security best practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosur...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.