Exposures › CVE-2025-48700
Synacor ZCS XSS vulnerability (CVE-2025-48700) allows arbitrary JavaScript execution in user sessions, enabling unauthorized access to sensitive data.
This cross-site scripting flaw in Synacor's Zimbra Collaboration Suite allows attackers to inject malicious scripts into user sessions, potentially exfiltrating sensitive information. DIB organizations must patch immediately to prevent session hijacking and data theft, as the vulnerability is actively exploited in the wild.
Shame score — While actively exploited, the vulnerability is a standard XSS flaw rather than a supply-chain or negligence failure, resulting in moderate embarrassment.
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.
No correlated FedRAMP products.