criticalCISA KEVCVE-2025-48700

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

ProductZimbra Collaboration Suite (ZCS)
CVSS6.1
EPSS0.01761
UpdatedJuly 9, 2026

Quick answer

Synacor Zimbra Collaboration Suite (ZCS) should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • 8.8.15
  • 9.0.0

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Treat CVE-2025-48700 as an actively exploited Zimbra Collaboration Suite Classic UI cross-site scripting risk. Zimbra advisories and OSV describe crafted email content that can execute JavaScript in a user session when viewed in the Classic UI. Apply the Zimbra security patch level that fixes CVE-2025-48700, including 8.8.15 Patch 47, 9.0.0 Patch 43, 10.0.12, 10.1.4, or a later supported release as applicable. Prioritize internet-facing mail systems and review accounts that may have viewed suspicious crafted email.

  1. Inventory every Zimbra Collaboration Suite server, mailbox node, proxy node, public webmail URL, and Classic UI deployment.
  2. Identify ZCS 8.8.15, 9.0.0, 10.0, and 10.1 deployments below the Zimbra patch level that fixes CVE-2025-48700.
  3. Upgrade affected systems to 8.8.15 Patch 47, 9.0.0 Patch 43, 10.0.12, 10.1.4, or a later supported Zimbra security release.
  4. Restrict administrative interfaces and webmail exposure where possible until patching is complete.
  5. Search mailboxes and logs for suspicious crafted HTML messages, encoded style tags, import directives, or unusual Classic UI activity.
  6. Review authentication logs, mailbox access, delegated access, filters, forwarding rules, and account settings for suspicious changes.
  7. Rotate affected user passwords and invalidate sessions if suspicious message viewing or account access is suspected.
  8. Remove or replace unsupported Zimbra deployments that cannot receive current security patches.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm each Zimbra deployment reports the fixed patch level or a later supported release.
  • Confirm Zimbra security advisories no longer list the deployment as below the CVE-2025-48700 fix level.
  • Confirm vulnerability management no longer flags CVE-2025-48700 on Zimbra hostnames.
  • Review post-patch mail and web logs for continued crafted-message or Classic UI XSS attempts.
  • Run a Fixnx scan against public Zimbra webmail and proxy hostnames to confirm visible exposure.

Related categories

Trusted references

FAQ

What is affected by CVE-2025-48700?

Synacor Zimbra Collaboration Suite (ZCS) should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.