Vulnerability | Bleeping Computer
6.1 — HIGH
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
Over 10,000 Zimbra servers are vulnerable to ongoing XSS attacks due to a security flaw in Synacor's ZCS software suite, allowing unauthenticated attackers to access sensitive information.
⚙️ Technical Details
Affected Systems
Synacor Zimbra Collaboration Suite (ZCS) 8.8.15, 9.0, 10.0, and 10.1
Attack Vectors
NETWORK
💥 Impact Assessment
Severity: MEDIUM
Who Is at Risk
Hundreds of government agencies and thousands of businesses using Zimbra Collaboration Suite
🛡️ Recommended Actions
1. Apply security patches to affected ZCS instances as soon as possible
2. Monitor for suspicious email activity and implement email filtering rules
3. Conduct regular vulnerability scans to identify and remediate any remaining unpatched systems
📦 Affected Products
Synacor Zimbra Collaboration Suite (ZCS) 8.8.15, 9.0, 10.0, and 10.1
🔐 NVD Verified Data (VERIFIED)
CVE-2025-48700 (CVSS 6.1 — MEDIUM)
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weaknesses
CWE-79
Affected Products (CPE)
Synacor Zimbra Collaboration Suite
CVE-2025-66376 (CVSS 6.1 — MEDIUM)
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weaknesses
CWE-79
Affected Products (CPE)
Synacor Zimbra Collaboration Suite
This is a curated summary. The complete article is available at Bleeping Computer.
